Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

**Vaikutus**

Low

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34435

Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker may potentially exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVE-2022-34436

Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker may potentially exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.  
 

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34435

Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker may potentially exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVE-2022-34436

Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker may potentially exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.  
 

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-34435

Dell iDRAC9

Versions before 6.00.30.00

6.00.30.00

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverId=D92HF

CVE-2022-34436

Dell iDRAC8

Versions before 2.84.84.84

2.84.84.84

iDRAC8 firmware is planned to be available March 2023.

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-34435

Dell iDRAC9

Versions before 6.00.30.00

6.00.30.00

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverId=D92HF

CVE-2022-34436

Dell iDRAC8

Versions before 2.84.84.84

2.84.84.84

iDRAC8 firmware is planned to be available March 2023.

**Kiitokset**

Dell Technologies would like to thank the Cloud Compute Security Team from Google for reporting this issue.  
 

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-11-14

Initial release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

iDRAC8, iDRAC9, iDRAC9 - 3.0x Series, iDRAC9 - 3.1x Series, iDRAC9 - 3.2x Series, iDRAC9 - 3.3x Series, iDRAC9 - 3.4x Series, iDRAC9 - 4.xx Series, iDRAC9 - 5.xx Series, iDRAC9 - 6.xx Series

14 marrask. 2022

CVE-2022-34436: DSA-2022-265: Dell iDRAC8 and Dell iDRAC9 Security Update for a RACADM Vulnerability

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34457

Dell Command | Configure versions before 4.9.0 contain an Improper Access Control vulnerability. A local low-privileged attacker may potentially exploit this vulnerability, leading to the escalation of privilege. This vulnerability is considered critical as it allows a nonadministrator to modify files inside the installed directory and make the application unavailable for all users.

7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

 

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34457

Dell Command | Configure versions before 4.9.0 contain an Improper Access Control vulnerability. A local low-privileged attacker may potentially exploit this vulnerability, leading to the escalation of privilege. This vulnerability is considered critical as it allows a nonadministrator to modify files inside the installed directory and make the application unavailable for all users.

7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

 

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-3602

Dell Command | Configure

Versions before 4.9.0

4.9.0

https://www.dell.com/support/home/drivers/driversdetails?driverid=0H64D

CVE-2022-3786

CVE-2022-34457

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-3602

Dell Command | Configure

Versions before 4.9.0

4.9.0

https://www.dell.com/support/home/drivers/driversdetails?driverid=0H64D

CVE-2022-3786

CVE-2022-34457

**Kiitokset**

CVE-2022-34457: Dell Technologies would like to thank Pwni for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-11-22

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

22 marrask. 2022

CVE-2022-34457: DSA-2022-297: Dell Command | Configure Security Update for Multiple Vulnerabilities

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34399

Dell BIOS contains a buffer access vulnerability. A malicious user with administrator privileges may potentially exploit this vulnerability by sending input larger than expected in order to read certain sections.

  
5.1

  
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34399

Dell BIOS contains a buffer access vulnerability. A malicious user with administrator privileges may potentially exploit this vulnerability by sending input larger than expected in order to read certain sections.

  
5.1

  
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**BIOS Update Version**

**BIOS Release Date (MM-DD-YYYY)**

Alienware m15 A6

1.4.3

09-29-2022

Alienware m15 Ryzen Edition R5

1.8.0

10-26-2022

Alienware m17 Ryzen Edition R5

1.4.3

09-29-2022

Dell G15 5515

1.8.0

10-26-2022

Dell G15 5525

1.4.3

09-29-2022

Inspiron 3505

1.9.0

10-11-2022

Inspiron 3515

1.9.0

10-11-2022

Inspiron 3525

1.5.0

10-13-2022

Inspiron 3585

1.10.0

10-26-2022

Inspiron 3595

1.5.0

10-26-2022

Inspiron 3785

1.10.0

10-26-2022

Vostro 3405

1.9.0

10-11-2022

Vostro 3425

1.5.0

10-13-2022

Vostro 3515

1.9.0

10-11-2022

Vostro 3525

1.5.0

10-13-2022

**Product**

**BIOS Update Version**

**BIOS Release Date (MM-DD-YYYY)**

Alienware m15 A6

1.4.3

09-29-2022

Alienware m15 Ryzen Edition R5

1.8.0

10-26-2022

Alienware m17 Ryzen Edition R5

1.4.3

09-29-2022

Dell G15 5515

1.8.0

10-26-2022

Dell G15 5525

1.4.3

09-29-2022

Inspiron 3505

1.9.0

10-11-2022

Inspiron 3515

1.9.0

10-11-2022

Inspiron 3525

1.5.0

10-13-2022

Inspiron 3585

1.10.0

10-26-2022

Inspiron 3595

1.5.0

10-26-2022

Inspiron 3785

1.10.0

10-26-2022

Vostro 3405

1.9.0

10-11-2022

Vostro 3425

1.5.0

10-13-2022

Vostro 3515

1.9.0

10-11-2022

Vostro 3525

1.5.0

10-13-2022

**Kiitokset**

Dell Technologies thanks Cederic Laumen (@ling\_sec) for reporting CVE-2022-34399.  
 

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-11-15

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Alienware m15 Ryzen Edition R5, Dell G15 5515 Ryzen Edition, Dell G15 5525, Inspiron 3505, Inspiron 3585, Inspiron 3595, Inspiron 3785, Product Security Information, Vostro 3405

15 marrask. 2022

CVE-2022-34399: DSA-2022-317: Dell Client Security Update for Dell Client BIOS

Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.

SUSE SLES 15-SP3 CVE-2019-19536,CVE-2019-19534, CVE-2019-14901,CVE-2019-15916 CVE-2019-18809,CVE-2019-0154,CVE-2019-18805,CVE-2019-19081,CVE-2019-19080,CVE-2019-19083,CVE-2019-19060,CVE-2019-19082,CVE-2019-19067,CVE-2019-16231,CVE-2019-19046,CVE-2019-19068,CVE-2019-19063,CVE-2019-19062,CVE-2019-19065,CVE-2019-19525,CVE-2019-19528,CVE-2019-19049,CVE-2019-19543,CVE-2019-14895,CVE-2019-19227,CVE-2019-19524,CVE-2019-19529,CVE-2019-18660,CVE-2019-19056,CVE-2019-19078,CVE-2019-19077,CVE-2019-17055,CVE-2019-19058,CVE-2019-19531,CVE-2019-18683,CVE-2019-19057,CVE-2019-19530,CVE-2019-19052,CVE-2019-19074,CVE-2019-19073,CVE-2019-19075,CVE-2021-20233,CVE-2020-27779,CVE-2020-25632,CVE-2020-14372,CVE-2020-25647,CVE-2020-27749,CVE-2021-20225,CVE-2019-25013,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326,CVE-2020-27618,CVE-2021-3144, CVE-2021-25281,CVE-2020-35662,CVE-2021-3197,CVE-2020-28972, CVE-2021-25283,CVE-2021-25282,CVE-2021-3148,CVE-2021-25284, CVE-2020-28243,CVE-2019-18348,CVE-2020-8492,CVE-2019-5010, CVE-2020-14422,CVE-2020-26116,CVE-2019-20907,CVE-2019-16935,CVE-2020-27619,CVE-2021-4034,CVE-2020-7217,CVE-2019-18903, CVE-2020-8231,CVE-2019-8696,CVE-2019-8675,CVE-2019-18218,CVE-2020-10543,CVE-2020-12723,CVE-2020-10878,CVE-2020-11652,CVE-2020-11651,CVE-2020-8023,CVE-2017-8871,CVE-2017-8834,CVE-2019-20812,CVE-2019-9455,CVE-2020-10711,CVE-2020-12659,CVE-2020-12769,CVE-2020-12768,CVE-2020-10720,CVE-2020-12657,CVE-2020-10732,CVE-2020-12656,CVE-2020-10757,CVE-2020-12464,CVE-2020-10690,CVE-2018-1000199,CVE-2020-10751,CVE-2020-12655,CVE-2020-13143,CVE-2020-12654,CVE-2020-0543,CVE-2020-12114,CVE-2020-12653,CVE-2020-12652,CVE-2019-19462,CVE-2019-20806,CVE-2018-18751,CVE-2020-14314,CVE-2020-10135,CVE-2020-14331,CVE-2020-14386,CVE-2020-14356,CVE-2020-16166,CVE-2020-24394,CVE-2020-1749,CVE-2020-14310,CVE-2020-14311,CVE-2020-15707,CVE-2020-10713,CVE-2020-14308,CVE-2020-15706,CVE-2020-14309,CVE-2019-18897,CVE-2019-17361,CVE-2019-9674,CVE-2020-8492,CVE-2019-20810,CVE-2020-10766,CVE-2020-10767,CVE-2020-12888,CVE-2019-16746,CVE-2020-14416,CVE-2020-10768,CVE-2020-10769,CVE-2020-10781,CVE-2020-12771,CVE-2020-0305,CVE-2020-13974,CVE-2020-10773,CVE-2019-20908,CVE-2020-15780,CVE-2020-15393,CVE-2020-7216,CVE-2019-18902,CVE-2020-3898,CVE-2020-8177,CVE-2019-12900,CVE-2016-3189,CVE-2021-39537,CVE-2021-33503,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2021-3981,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736,CVE-2022-28737,CVE-2019-10160,CVE-2018-20852,CVE-2011-3389,CVE-2019-9947,CVE-2016-0772,CVE-2012-0845,CVE-2013-4238,CVE-2018-14647,CVE-2014-4650,CVE-2018-1000802,CVE-2012-1150,CVE-2019-16056,CVE-2011-4944,CVE-2019-5010,CVE-2018-20406,CVE-2019-15903,CVE-2019-9636,CVE-2018-1061,CVE-2018-1060,CVE-2014-2667,CVE-2019-16935,CVE-2016-1000110,CVE-2013-1752,CVE-2016-5699,CVE-2016-5636,CVE-2017-18207,CVE-2019-15213,CVE-2019-19537,CVE-2019-19338,CVE-2019-19319,CVE-2020-7053,CVE-2019-19318,CVE-2019-19533,CVE-2019-19532,CVE-2019-19535,CVE-2019-18808,CVE-2020-8648,CVE-2019-16746,CVE-2020-8428,CVE-2019-19045,CVE-2019-19066,CVE-2019-19526,CVE-2019-19966,CVE-2020-8992,CVE-2019-19767,CVE-2019-19965,CVE-2019-19527,CVE-2019-14897,CVE-2019-14896,CVE-2019-19447,CVE-2019-16994,CVE-2019-19523,CVE-2019-14615,CVE-2019-20054,CVE-2019-20096,CVE-2019-20095,CVE-2019-19927,CVE-2020-2732,CVE-2019-19036,CVE-2019-19332,CVE-2019-19051,CVE-2019-19054,CVE-2020-25212,CVE-2020-25641,CVE-2020-0404,CVE-2020-0427,CVE-2019-25643,CVE-2020-0431,CVE-2020-0432,CVE-2020-25643,CVE-2020-14390,CVE-2020-26088,CVE-2020-25284,CVE-2020-14381  
  See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Dell BIOS FW CVE-2020-0587,CVE-2020-0588,CVE-2020-0590,CVE-2020-0591  
CVE-2020-0592,CVE-2020-0593 

CVE-2020-8705,CVE-2020-8755

CVE-2020-8696

CVE-2020-8695,CVE-2020-8694

CVE-2020-8674,CVE-2020-8738,CVE-2020-8739,CVE-2020-8740 

CVE-2020-8673

CVE-2021-0060

CVE-2021-0127

CVE-2021-0103,CVE-2021-0114,CVE-2021-0115,CVE-2021-0116,CVE-2021-0117,CVE-2021-0118,CVE-2021-0099,CVE-2021-0111,CVE-2021-0107,CVE-2021-0125,CVE-2021-0124,CVE-2021-0092,CVE-2021-0093

  CVE-2020-12358,CVE-2020-12360, CVE-2020-24486,CVE-2021-0095,  
CVE-2020-12359,CVE-2020-8670,CVE-2020-12357

CVE-2020-24511,CVE-2020-24512

CVE-2020-24506,CVE-2020-24507,CVE-2020-8703

CVE-2019-14553

INTEL-SA-00358

INTEL-SA-00391

INTEL-SA-00381

INTEL-SA-00389

INTEL-SA-00390

INTEL-SA-00470  
INTEL-SA-00532

INTEL-SA-00527

INTEL-SA-00463

  INTEL-SA-00464  

INTEL-SA-00459

CVE-2022-34456: DSA-2022-267: Dell EMC Metronode VS5 Security Update for Multiple Third-Party Component Vulnerabilities

Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVE(s)**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34393

Prior Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

  
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34460

Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Proprietary Code CVE(s)**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34393

Prior Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

  
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34460

Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**BIOS Update Version**

**BIOS Release Date (MM/DD/YYYY)**

Dell G5 SE 5505

1.12.1

9/27/2022

Inspiron 27 7775

2.17.0

8/9/2022

Inspiron 3180

1.5.0

8/12/2022

Inspiron 3185

1.5.0

8/12/2022

Inspiron 3195 2-in-1

1.5.0

8/11/2022

Inspiron 3275

1.9.1

8/2/2022

Inspiron 3475

1.9.1

8/2/2022

Inspiron 3505

1.8.0

8/9/2022

Inspiron 3515

1.7.0

8/9/2022

Inspiron 3585

1.9.0

8/29/2022

Inspiron 3595

1.4.0

8/9/2022

Inspiron 3785

1.9.0

8/29/2022

Inspiron 5405

1.8.1

9/26/2022

Inspiron 5415

1.12.0

9/14/2022

Inspiron 5485

2.10.1

9/20/2022

Inspiron 5485 2-in-1

2.10.1

9/20/2022

Inspiron 5505

1.8.1

9/26/2022

Inspiron 5515

1.12.0

9/14/2022

Inspiron 5585

2.10.1

9/20/2022

Inspiron 7375

1.9.0

10/4/2022

Inspiron 7405 2-in-1

1.9.1

9/26/2022

Inspiron 7415

1.12.0

9/14/2022

Vostro 3405

1.8.0

8/9/2022

Vostro 3515

1.7.0

8/9/2022

Vostro 5415

1.12.0

9/14/2022

Vostro 5515

1.12.0

9/14/2022

**Product**

**BIOS Update Version**

**BIOS Release Date (MM/DD/YYYY)**

Dell G5 SE 5505

1.12.1

9/27/2022

Inspiron 27 7775

2.17.0

8/9/2022

Inspiron 3180

1.5.0

8/12/2022

Inspiron 3185

1.5.0

8/12/2022

Inspiron 3195 2-in-1

1.5.0

8/11/2022

Inspiron 3275

1.9.1

8/2/2022

Inspiron 3475

1.9.1

8/2/2022

Inspiron 3505

1.8.0

8/9/2022

Inspiron 3515

1.7.0

8/9/2022

Inspiron 3585

1.9.0

8/29/2022

Inspiron 3595

1.4.0

8/9/2022

Inspiron 3785

1.9.0

8/29/2022

Inspiron 5405

1.8.1

9/26/2022

Inspiron 5415

1.12.0

9/14/2022

Inspiron 5485

2.10.1

9/20/2022

Inspiron 5485 2-in-1

2.10.1

9/20/2022

Inspiron 5505

1.8.1

9/26/2022

Inspiron 5515

1.12.0

9/14/2022

Inspiron 5585

2.10.1

9/20/2022

Inspiron 7375

1.9.0

10/4/2022

Inspiron 7405 2-in-1

1.9.1

9/26/2022

Inspiron 7415

1.12.0

9/14/2022

Vostro 3405

1.8.0

8/9/2022

Vostro 3515

1.7.0

8/9/2022

Vostro 5415

1.12.0

9/14/2022

Vostro 5515

1.12.0

9/14/2022

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None.

**Kiitokset**

Dell Technologies would like to thank Jiawei Yin (Yngweijw) for reporting CVE-2022-34393 and CVE-2022-34460.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022/10/27

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Inspiron, 3000 Series, G Series, G Series, Inspiron, 3000 Series, 5000 Series, 7000 Series, Vostro, 3000 Series, 5000 Series, Product Security Information

27 lokak. 2022

CVE-2022-34460: DSA-2022-278: Dell Client Security Update for Dell Client BIOS

Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34401

Dell BIOS contains a stack-based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34401

Dell BIOS contains a stack-based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**BIOS Update Version**

**BIOS Release Date (MM/DD/YYYY)**

Alienware m15 A6

1.4.3

09/29/2022

Alienware m17 Ryzen Edition R5

1.4.3

09/29/2022

Dell G15 5525

1.4.3

09/29/2022

**Product**

**BIOS Update Version**

**BIOS Release Date (MM/DD/YYYY)**

Alienware m15 A6

1.4.3

09/29/2022

Alienware m17 Ryzen Edition R5

1.4.3

09/29/2022

Dell G15 5525

1.4.3

09/29/2022

**Kiitokset**

Dell Technologies would like to thank Cederic Laumen (@ling\_sec) for reporting CVE-2022-34401.  
 

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022/10/27

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

01 marrask. 2022

CVE-2022-34401: DSA-2022-291: Dell Client Security Update for Dell Client BIOS

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-32490

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-32490

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**BIOS Update Version**

**BIOS Release Date (MM-DD-YYYY)**

Dell Edge Gateway 3000 series

1.9.0

08-09-2022

Dell Embedded Box PC 3000

1.15.0

08-08-2022

Dell Edge Gateway 5000

1.19.0

08-09-2022

**Product**

**BIOS Update Version**

**BIOS Release Date (MM-DD-YYYY)**

Dell Edge Gateway 3000 series

1.9.0

08-09-2022

Dell Embedded Box PC 3000

1.15.0

08-08-2022

Dell Edge Gateway 5000

1.19.0

08-09-2022

**Kiitokset**

Dell Technologies thanks Jiawei Yin (Yngweijw) for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-11-02

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Embedded Box PCs, Edge Gateways, Dell Edge Gateway 3000 Series, Dell Edge Gateway 5000, Dell Embedded Box PC 3000, Product Security Information

07 marrask. 2022

CVE-2022-32490: DSA-2022-249: Dell Security Update for Dell Edge Gateway and Embedded Box BIOS

Red Hat Security Advisory 2023-0114-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:0114-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0114  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-2964 CVE-2022-4139   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64  
Red Hat Enterprise Linux for Real Time (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* kernel: i915: Incorrect GPU TLB flush can lead to random memory access  
(CVE-2022-4139)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The latest RHEL 8.7.z1 kernel changes need to be merged into the RT  
source tree to keep source parity between the two kernels. (BZ#2137411)

* [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12.  
(BZ#2139867)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.  
2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:  
kernel-rt-4.18.0-425.10.1.rt7.220.el8_7.src.rpm

x86_64:  
kernel-rt-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-kvm-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 8):

Source:  
kernel-rt-4.18.0-425.10.1.rt7.220.el8_7.src.rpm

x86_64:  
kernel-rt-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/cve/CVE-2022-4139  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/jAtzjgjWX9erEAQhnKg//UYktJzLxcCq9/muMdr2bc0okwpJuoXPX  
JsYZ5YK/IkGX3/b7yqmrdXd3pEm/gLhANI4t9AvcSV2xbJVCyDbcGSz62P2NRI/k  
E4Rf+qGenUeGmez9T/FojeEU0vkpsogRuCGb0T69j77lVdoNdublAxdfz/UdVDz9  
K2KMIDkLxBuQYmAkTqCIqBjXm/dkQWJADwUegbP12akZ8x0wpVSPdpxvV9UUPKMz  
AluaBqgA/kjznqxHGNFubpAqLfgHl5BVGhX8eK7UrXdDbXNtEfdT6dHbGVqBxm2L  
ZLifoT0hWJqUseM/aIEMKJGnS8Hg78Mvj1WHUa58n3ieQSt5sfBqlTaEY5u2f+DT  
Tlnss59pV6ArHSdG3wcj3u2vBxePtvPt7xtFT6uwaP6MwyHHPyg/K5ttsJXt1AAl  
pglIYnqai5sWqbXS16vJCMbbAoM2obgqefh55RwqyzzdEEthTvJKEvPZrSVi/3wv  
Vv6jgEI8NSRWFLF81ZbGrDyr12WHvq25c6lYuNr2RvZipFCmcE4V7lp9ujXytfZd  
f1Id/aBE9ankE2C9a8jGwD9g0qI3Z5U/x/r2n+AByXnS9xuNf+otwK8DCxCgciJG  
TuuQ+7Ki5ETHHuEn8cKmh6xJKIr+4d8xC083JvD9E2WQBQo0iRMMs+Dhi7yP6sSh  
NVRYfRyxVzA=  
=EhaD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0114-01

Red Hat Security Advisory 2023-0101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:0101-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0101  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-2964 CVE-2022-4139   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* kernel: i915: Incorrect GPU TLB flush can lead to random memory access  
(CVE-2022-4139)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL8.4 - zfcp: fix missing auto port scan and thus missing target ports  
(BZ#2127849)

* vfio zero page mappings fail after 2M instances (BZ#2128515)

* ice: Driver Update up to 5.19 (BZ#2130992)

* atlantic: missing hybernate/resume fixes (BZ#2131935)

* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)

* Fix issue that enables STABLE_WRITES by default and causes performance  
regressions (BZ#2135813)

* ice: Intel E810 PTP clock glitching (BZ#2136036)

* ice: configure link-down-on-close on and change interface mtu to 9000,the  
interface can't up (BZ#2136216)

* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)

* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing  
(BZ#2137270)

* After upgrading to ocp4.11.1, our dpdk application using vlan strip  
offload is not working (BZ#2138157)

* i40e: orphaned-leaky memory when interacting with driver memory  
parameters (BZ#2138205)

* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309  
hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)

* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12.  
(BZ#2139216)

* Lenovo 8.7: The VGA display shows no signal when install RHEL8.7  
(BZ#2140152)

* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow  
Iperf Cannot Pass Traffic (BZ#2141878)

* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload  
enabled (BZ#2141957)

* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with  
in-tree driver (BZ#2142017)

* RHEL:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing  
hangs in scsi eh, this bug was cloned for RHEL8.6 and need this patch in  
8.6+ (BZ#2144583)

* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working  
properly (BZ#2145218)

* Path loss during Volume Ownership Change on RHEL 8.7 SAS (BZ#2147374)

* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver  
(BZ#2148130)

* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)

* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)

* Azure RHEL-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot  
time (BZ#2150912)

* RHEL-8.7: System fails to boot with soft lockup while loading/unloading  
an unsigned (E) kernel module. (BZ#2152206)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.  
2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-425.10.1.el8_7.src.rpm

aarch64:  
bpftool-4.18.0-425.10.1.el8_7.aarch64.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-core-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-425.10.1.el8_7.noarch.rpm  
kernel-doc-4.18.0-425.10.1.el8_7.noarch.rpm

ppc64le:  
bpftool-4.18.0-425.10.1.el8_7.ppc64le.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-core-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm

s390x:  
bpftool-4.18.0-425.10.1.el8_7.s390x.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
perf-4.18.0-425.10.1.el8_7.s390x.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
python3-perf-4.18.0-425.10.1.el8_7.s390x.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm

x86_64:  
bpftool-4.18.0-425.10.1.el8_7.x86_64.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-core-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/cve/CVE-2022-4139  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i69zjgjWX9erEAQi7og/+NmgRZHeaRAFdkzMYD9KOIoU1RNAlKAfu  
hJf63p0zW4JqRUcn7p+v3qFw84eBJR4Q+dWsx9I8IBKoZ+jZQQlvMOy17eXPnedD  
et7KieOv6+4YXYh9QDD6LzqXjrhdZCFVTbd2Yjhnsvll74o/r4T8at+MGZmAEbsc  
9vWDOyknBmusOnk1GcKKgvrOGfpw/WHKsn/O+iZAT3o1kEHxQoUF689rYGn/Nm56  
i+53s/QlbvXTAmiyMjMWTfM7fR899BRfYfEy0GCrFT7NOcXZ14DwZ4bgLXqeFaHv  
pIVDryqShKr6qUsp0Whb8y6RcqZebL57mCDmnGhrCn3O4n9RMtjn3ApDks9urp0t  
wmrO/TuejHqM9Agjyz2SZSJf23nJSoCxfssHkRPbd/NxPVv2a05iOe/GPrMdmA1D  
bLUKyIeAy8gxNzxIqrH/MmTlyddUVgy/3Oi15etSSRYxG3zPQYAIB3yxdVKxOS4K  
YJhZzL5OMQilO/dP3zYrGSjJkA5CTYU0laMs8QPDpBiKUJU8q/r7XRj6PS6THCOZ  
Xjpf66XYbT42v6Ly3lIvM+w6TZpy2NzxFBfq8Ab8J+ssUYzEpxlD7voZ0ca9rbzv  
V4SVdHzEpMITwqkW1OPjKMWYlFFkMn7RcgzU1jgxTTwN3y1IIJSVCU67NP4K+re7  
Vh1Z7+eM4CY=  
=B1Qw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0101-01

A Florida man was sentenced today to 133 months in prison for his role in an international telemarketing scheme orchestrated from a call center in Costa Rica that defrauded more than 400 victims — many of whom were elderly — in the United States out of millions of dollars.

Manuel Mauro Chavez, 32, of Hollywood, was convicted at trial in July 2021 in the Western District of North Carolina of one count of conspiracy to commit mail and wire fraud, six counts of wire fraud, one count of conspiracy to commit international money laundering, and six counts of international money laundering. According to court documents and evidence presented at trial, Chavez was a U.S.-based participant in a fraudulent scheme in which telemarketers based in Costa Rica falsely posed as U.S. government officials and contacted victims in the United States to tell them they had won a substantial “sweepstakes” prize, but before collecting this supposed prize, they needed to make a series of up-front payments to cover purported taxes or other fees. After deceiving victims out of their money, Chavez transmitted these funds from the United States for the benefit of the call center and others involved in the scheme in Costa Rica.

In two related matters, Mark Raymond Oman, 38, of Long Beach, Washington, was sentenced on Nov. 17, 2022, to three years and one month in prison, and Paul Andy Stiep, 30, of Miami, was sentenced on Dec. 20, 2022, to seven years in prison. Oman worked at the call center soliciting victims and collected victim funds in Costa Rica, while Stiep transmitted victims’ payments from the United States for the benefit of the call center in Costa Rica.

Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division, Assistant Director Luis Quesada of the FBI’s Criminal Investigative Division, Acting Special Agent in Charge Michael Scherck of the FBI Charlotte Field Office, Inspector in Charge Tommy Coke of the U.S. Postal Inspection Service’s (USPIS) Atlanta Division, and Special Agent in Charge Bryant Jackson of the IRS Criminal Investigation (IRS-CI) Cincinnati Field Office made the announcement.

The FBI, USPIS, and IRS-CI investigated the case.

Trial Attorneys Joshua DeBold and Della Sentilles of the Criminal Division’s Fraud Section prosecuted the case.

The department’s extensive and broad-based efforts to combat elder fraud seek to halt the widespread losses seniors suffer from fraud schemes. The best method for prevention, however, is by sharing information about the various types of elder fraud schemes with relatives, friends, neighbors, and other seniors who can use that information to protect themselves.

If you or someone you know is age 60 or older and has been a victim of financial fraud, help is available at the National Elder Fraud Hotline: 1-833-FRAUD-11 (1-833-372-8311). This Department of Justice hotline, managed by the Office for Victims of Crime, is staffed by experienced professionals who provide personalized support to callers by assessing the needs of the victim and identifying relevant next steps. Case managers will identify appropriate reporting agencies, provide information to callers to assist them in reporting, connect callers directly with appropriate agencies, and provide resources and referrals, on a case-by-case basis. Reporting is the first step. Reporting can help authorities identify those who commit fraud and reporting certain financial losses due to fraud as soon as possible can increase the likelihood of recovering losses. The hotline is staffed seven days a week from 6:00 a.m. to 11:00 p.m. ET. English, Spanish, and other languages are available.

Tag

#dell