softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

On Tue, 21 Jun 2022 at 16:38, Richard Henderson
<richard.hender...@linaro.org> wrote:
>
> The bug is an uninitialized memory read, along the translate\_fail
> path, which results in garbage being read from iotlb\_to\_section,
> which can lead to a crash in io\_readx/io\_writex.
>
> The bug may be fixed by writing any value with zero
> in ~TARGET\_PAGE\_MASK, so that the call to iotlb\_to\_section using
> the xlat'ed address returns io\_mem\_unassigned, as desired by the
> translate\_fail path.
>
> It is most useful to record the original physical page address,
> which will eventually be logged by memory\_region\_access\_valid
> when the access is rejected by unassigned\_mem\_accepts.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1065
> Signed-off-by: Richard Henderson <richard.hender...@linaro.org>

Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>

thanks
-- PMM

CVE-2022-35414: Re: [PATCH v2] softmmu: Always initialize xlat in address_space_translate_for_iotlb

DID promises to give web users more control over their digital identities

DID promises to give web users more control over their digital identities

The W3C consortium has decided to move forward a specification for Decentralized Identifiers (DID) to W3C Recommendation status, despite objections from several prominent members of the consortium.

While still in its early stages, DID promises to give web users more control over their digital identities.

**What are Decentralized Identifiers?**

Individuals and organizations rely on identifiers such as phone numbers, email addresses, and usernames on social media. However, most identifiers are issued and controlled by external authorities that decide who or what they refer to and when they can be revoked.

DIDs are a new type of identifier that enable verifiable, decentralized digital identities. DIDs can refer to persons, organizations, things, data models, or abstract entities, as determined by a DID ‘controller’.

**RECOMMENDED** Lockdown Mode: Apple offers $2m bug bounty for vulnerabilities in new anti-spyware tech

In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities.

“Decentralized Identifiers… are an important foundational component for a new approach to digital identity,” Markus Sabadello, CEO at Danube Tech and co-editor of the W3C DID Core specification, told _The Daily Swig_.

“Without identifiers, we cannot establish connections or conduct any transactions. We cannot share data and we cannot exchange messages. And without that, we cannot build higher-level concepts such as trust and reputation.

“The technical foundations for digital identity and online interactions must be decentralized. That's what DIDs offer.”

**How does DID work?**

A DID is identified by a string that includes a URI scheme, the method, and an identifier:

A simple example of a Decentralized Identifier (DID)

DID URLs refer to a DID subject and resolve to DID Documents, which contain information associated with the DID, such as cryptographic public keys, services, and interactions.

DIDs can be recorded on verifiable data registries, such as distributed ledgers, decentralized file systems, databases of any kind, and peer-to-peer networks. Finally, a DID controller is the person, organization, device, or service that can modify the DID document.

DID architecture

The architecture has been designed for control, privacy, security, interoperability, extensibility, and portability.

Users should own their identity, port it wherever they want, plug it into whatever application they want, and decide which kind of data to share with service providers.

The most common application in conjunction with DIDs is Verifiable Credentials (VCs). These are digital equivalents to your identity-related documents, such as birth certificates, driver’s licenses, social security cards, and any information that is related to you as a person.

Read more of the latest data privacy news

“DIDs enable the creation, management, and usage of this identity information in a way that puts the subject (you) at the center of any interaction,” Sabadello said. “Your personal data is not shared unless you explicitly allow that.”

DID can also be used for information about organizations and physical objects. However, even though VCs are the most common application of DIDs, the real potential of DIDs is much bigger and could involve really any type of online interaction.

“You could send arbitrary text and photo messages to your friends, secured by DIDs. You could build a decentralized social network using DIDs. You could even play a game of chess via DID-based connections,” Sabadello said.

**Not a perfect solution**

Despite its promises, DID also has its doubters.

“The very concept of a DID I think overcooks the importance of identifiers,” Stephen Wilson, managing director at Lockstep Group, told _The Daily Swig_. “These are just database pointers or reference numbers. They are almost always assigned, mechanically, by information management systems.”

While user identities have been stolen and abused in different ways, indexing identities differently won’t change anything, Wilson says.

“Especially when DID advocates have not explained how their new BYO technology will be adopted by mainstream services. Even if DIDs (and SSI) was a great idea, the cost of integrating changes to the business is unknown and unaccounted for,” he said.

**INTERVIEW** Cloudflare CTO John Graham-Cumming envisages a frictionless future for web authentication tests

Wilson also warns that with regards to surveillance capitalism, the smartest data scientists in the world are working out how to mine our digital activities and extract subtle valuable clues.

“They will continue to track us no matter how we choose to identify ourselves,” he said.

The deepest problem with DIDs, Wilson says, is that they don’t do anything to touch the credential side of things.

“The world has shifted focus from WHO you are to WHAT you are,” he said. “Even if a DID provided some radical new way to assert WHO I am, so what? The counterparties I deal with variously want me to prove my driver’s license, my age, my qualifications, my affiliations, my Covid status, etc.”

All those documents are provided and ascertained by third parties. Even if you’ll be able to carry digital proofs of your identity in a wallet and use them private, peer-to-peer, and decentralized fashion, the underlying authority that underpins the credentials remains centralized.

“So, a DID might be owned by the user, self-published, un-censorable, whatever, but all the credentials stay the same – administered by external authorities,” Wilson said.

**Disagreements in the community**

On June 30, the W3C voted in favor of advancing the DID core specification to W3C Recommendation status. The decision was met with objections by several members, including Mozilla and Google.

“DID-core is only useful with the use of ‘DID methods’, which need their own specifications,” Google wrote. “It’s impossible to review the impact of the core DID specification on the Web without concurrently reviewing the methods it’s going to be used with.”

Mozilla’s objection states: “The DID Core spec has not demonstrated any degree of practical interoperability, instead delegating that to a registry of 50+ methods.”

“\[The members who issued objections\] provided several arguments for the objections, including concerns about interoperability, centralization, and the use of blockchains,” Sabadello said.

“The overwhelming opinion of the community working on DIDs was that those concerns were largely unjustified. Some community members might go as far as describing this as a strategic move by powerful corporations to prevent or at least slow down the success of technologies that could hurt their traditional business models which are based on centralized technology and control.”

The W3C decision, declared by Ralph Swick, for Tim Berners-Lee, states that the core specification does not lack proof of implementability.

“The histories of many Internet standards show that future work can – and often does – lead to improvements to an initial standard,” the W3C statement reads. “This is a feature, not a flaw. It is ultimately a judgment call of the community as to how long a technology must be deployed before the community updates a standard.”

**Next steps for DID**

According to the W3C, the Working Group will next address and deliver the proposed standard DID method(s) and demonstrate interoperable implementations. This will be an opportunity to verify the objections raised during the decision.

DIDs are a foundational part of a larger ecosystem, Sabadello says. Many other technical building blocks are related to DIDs, such as Verifiable Credentials (VCs), OpenID Connect 4 Verifiable Credentials, and DIDComm.

“With the approval of the DID standard, those other building blocks can be implemented and deployed with confidence,” he said, adding that major projects with strong political and corporate support are now underway, such as the European Self-Sovereign Identity Framework (ESSIF).

“This means that in the next few years, digital identity applications and services will become available to millions (or even billions) of people, and increase their levels of freedom and protection in the digital lives,” he said.

**YOU MIGHT ALSO LIKE** Attackers can use ‘Scroll to Text Fragment’ web browser feature to steal data – research

Decentralized Identifiers: Everything you need to know about the next-gen web ID tech

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.

**Vaikutus**

Critical

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base score**

**CVSS Vector String**

CVE-2022-32481

Dell PowerProtect Cyber Recovery, versions before 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user may chain docker commands to escalate privileges to root leading to complete system takeover.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  

**Proprietary Code CVE**

**Description**

**CVSS Base score**

**CVSS Vector String**

CVE-2022-32481

Dell PowerProtect Cyber Recovery, versions before 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user may chain docker commands to escalate privileges to root leading to complete system takeover.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

**Link to update**

Cyber Recovery

Versions before 19.11

19.11

Cyber Recovery Downloads

 

**Note:** These vulnerabilities pertain to third-party Golang packages and Cyber Recovery Docker containers and not the management host itself.

**Product**

**Affected Versions**

**Updated Versions**

**Link to update**

Cyber Recovery

Versions before 19.11

19.11

Cyber Recovery Downloads

 

**Note:** These vulnerabilities pertain to third-party Golang packages and Cyber Recovery Docker containers and not the management host itself.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-07-05

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

05 heinäk. 2022

CVE-2022-32481: DSA-2022-163: Dell EMC Cyber Recovery Security Update for Multiple Vulnerabilities

Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity.

**Vaikutus**

High

**Tiedot**

Cloud Mobility for Dell EMC Storage, 1.3.0 contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a high severity issue; so Dell recommends customers to upgrade at the earliest opportunity.

Cloud Mobility for Dell EMC Storage, 1.3.0 contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a high severity issue; so Dell recommends customers to upgrade at the earliest opportunity.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Keinoja ongelman kiertämiseen tai lieventämiseen**

We now reject any patterns in the restore tar file that start with an absolute path or contain .. anywhere in the file path.

**Versiohistoria**

Revision

Date

Description

1.0

2022-07-06

Initial release 

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Cloud Mobility, Cloud Mobility for Dell EMC Storage, Product Security Information

06 heinäk. 2022

CVE-2022-33936: DSA-2022-182: Cloud Mobility for Dell EMC Storage Security Update for a Path Traversal/RCE Vulnerability

By Deeba Ahmed
Currently, over 30 sites have been marked as malicious by Google’s Safe Browsing feature. Google TAG (Threat Analysis…
This is a post from HackRead.com Read the original post: Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

****Currently, over 30 sites have been marked as malicious by Google’s Safe Browsing feature.****

Google TAG (Threat Analysis Group) has blocked dozens of malicious websites and domains used by hack-for-hire groups. These groups are different from commercial surveillance tools providers because where the latter only provides tools to conduct cybercrimes, hack-for-hire groups are involved in the attacks directly.

Moreover, companies offering such services may also employ these groups. But, usually, they provide services as freelancers. These groups target organizations and individuals in corporate espionage and data-stealing campaigns. Human rights and political activists, journalists, and politicians are some of their prime targets.

TAG director Shane Huntley stated there’s no definite delineation of hack-for-hire groups’ targets and missions.

**Hackers Targeting High-Risk Entities**

According to TAG’s analysts, hack-for-hire groups attacked high-risk targets across the globe. Although many such groups have been detected over the past few years, in this particular instance, Google has focused on three hack-for-hire gangs operating in the following countries:

1.  India
2.  Russia
3.  United Arab Emirates

In their blog post published Thursday, Google’s researchers explained that while the domains were blocked, over thirty domains were also added to Google’s Safe Browsing system, so users can no longer access them.

**Details of Hack-for-Hire Groups**

**India:** The India-based threat actors have been under Google’s radar since 2012. Some of its members were supposedly linked to offensive security providers Belltrox and Appin. Currently, they work for a new espionage services provider firm Rebsec, revealed TAG.

This group usually targets healthcare, telecom, and government organizations in the Middle East. Their attacks involve phishing credentials for Gmail and AWS (Amazon Web Services) and government service accounts.

**Russia:** The Russia-based group is tracked as Void Balaur. This group primarily targets politicians, journalists, non-profit organizations, and NGOs. It also targets citizens in Russia and nearby countries. This group’s main attack vector is phishing campaigns, and at one point, it had a public website where it promoted its email and social media accounts hacking services.

**UAE:** The threat actor linked with the UAE targets entities across the Middle East and North Africa. Its main targets include educational, government, and political organizations. Like other groups, this one also relies on phishing email scams, but what makes this group different is that it also uses a custom phishing kit.

According to Google researchers, an individual, Mohammed Benabdella, whom Microsoft sued in 2014 for developing H-Worm or njRAT malware, is associated with this group.

Huntley has shared the list of domains Google has blocked (available below) and also tracking many other state-backed threat actors, including surveillance vendors for selling spyware to governments and running financially motivated campaigns worldwide.

aplonl  
myproject-loginshop  
mysite-logshop  
supp-helpme  
account-noreply3xyz  
goolgeltd  
goolgehelp  
account-noreply8info  
account-serverxyz  
kcynvd-mailcom  
mail-goolgecom  
kcynve-mailcom  
dtiwa.applink  
share-team.applink  
mipim.applink  
processs.applink  
aws-amazon.appink  
cliksbs  
loadingsbs  
userprofilelive  
requestservicelive  
unt-logcom  
webtech-portalcom  
id-aplinfo  
rnanage-icloudcom  
go-glio  
login-my-oauth-mailru  
oauth-login-accounts-mailru  
my-oauth-accounts-mailru  
login-cloud-myaccount-mailru  
myaccounts-authru  
security-my-accountru  
source-place-preferenceru  
safe-place-smartlinkru  
safe-place-experienceru  
preference-community-placeru

This is the second major event reported by Google. Just last week, the IT security researchers at the tech giant’s Threat Analysis Group exposed an ongoing campaign in which local ISPs (Internet service providers) in Italy and Kazakhstan were caught installing malware on the smartphones of their customers.

Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

**Vaikutus**

Critical

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-31229

Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain an error message with sensitive information vulnerability. An administrator may potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

9.6

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVE-2022-31230

Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain a broken or risky cryptographic algorithm vulnerability. A remote unprivileged malicious attacker may potentially exploit this vulnerability, leading to full system access.

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

  

**Third-party Component**

**CVEs**

**More information**

Libexpat

CVE-2013-0340  
CVE-2018-20843  
CVE-2019-15903  
CVE-2021-45960  
CVE-2021-46143  
CVE-2022-22822  
CVE-2022-22823  
CVE-2022-22824  
CVE-2022-22825  
CVE-2022-22826  
CVE-2022-22827  
CVE-2022-23852  
CVE-2022-23990  
CVE-2022-25235  
CVE-2022-25236  
CVE-2022-25313  
CVE-2022-25314  
CVE-2022-25315

See NVD for individual scores.

OpenSSL

CVE-2022-0778

See NVD for individual score.

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-31229

Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain an error message with sensitive information vulnerability. An administrator may potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

9.6

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVE-2022-31230

Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain a broken or risky cryptographic algorithm vulnerability. A remote unprivileged malicious attacker may potentially exploit this vulnerability, leading to full system access.

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

  

**Third-party Component**

**CVEs**

**More information**

Libexpat

CVE-2013-0340  
CVE-2018-20843  
CVE-2019-15903  
CVE-2021-45960  
CVE-2021-46143  
CVE-2022-22822  
CVE-2022-22823  
CVE-2022-22824  
CVE-2022-22825  
CVE-2022-22826  
CVE-2022-22827  
CVE-2022-23852  
CVE-2022-23990  
CVE-2022-25235  
CVE-2022-25236  
CVE-2022-25313  
CVE-2022-25314  
CVE-2022-25315

See NVD for individual scores.

OpenSSL

CVE-2022-0778

See NVD for individual score.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2013-0340  
CVE-2018-20843  
CVE-2019-15903  
CVE-2021-45960  
CVE-2021-46143  
CVE-2022-22822  
CVE-2022-22823  
CVE-2022-22824  
CVE-2022-22825  
CVE-2022-22826  
CVE-2022-22827  
CVE-2022-23852  
CVE-2022-23990  
CVE-2022-25235  
CVE-2022-25236  
CVE-2022-25313  
CVE-2022-25314  
CVE-2022-25315

libexpat

9.1.0.x, 9.2.1.x, and 9.4.0.x

Download and install the latest RUP.

PowerScale OneFS Downloads Area

9.3.0.x

RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS.

9.0.0, 9.1.1.x, and 9.2.0.x

Upgrade your version of OneFS.

CVE-2022-0778

OpenSSL

9.1.0.x, 9.2.1.x, and 9.4.0.x

Download and install the latest RUP.

9.3.0.x

RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS.

9.0.0, 9.1.1.x, and 9.2.0.x

Upgrade your version of OneFS.

CVE-2022-31230

OneFS

9.1.0.x and 9.2.1.x

Download and install the latest RUP.

9.3.0.x

RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS.

9.0.0, 9.1.1.x, and 9.2.0.x

Upgrade your version of OneFS.

CVE-2022-31229

OneFS

9.1.0.x and 9.2.1.x

Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations".

9.3.0.x

RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS.

9.0.0, 9.1.1.x, and 9.2.0.x

Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations".

**Note:** The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2013-0340  
CVE-2018-20843  
CVE-2019-15903  
CVE-2021-45960  
CVE-2021-46143  
CVE-2022-22822  
CVE-2022-22823  
CVE-2022-22824  
CVE-2022-22825  
CVE-2022-22826  
CVE-2022-22827  
CVE-2022-23852  
CVE-2022-23990  
CVE-2022-25235  
CVE-2022-25236  
CVE-2022-25313  
CVE-2022-25314  
CVE-2022-25315

libexpat

9.1.0.x, 9.2.1.x, and 9.4.0.x

Download and install the latest RUP.

PowerScale OneFS Downloads Area

9.3.0.x

RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS.

9.0.0, 9.1.1.x, and 9.2.0.x

Upgrade your version of OneFS.

CVE-2022-0778

OpenSSL

9.1.0.x, 9.2.1.x, and 9.4.0.x

Download and install the latest RUP.

9.3.0.x

RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS.

9.0.0, 9.1.1.x, and 9.2.0.x

Upgrade your version of OneFS.

CVE-2022-31230

OneFS

9.1.0.x and 9.2.1.x

Download and install the latest RUP.

9.3.0.x

RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS.

9.0.0, 9.1.1.x, and 9.2.0.x

Upgrade your version of OneFS.

CVE-2022-31229

OneFS

9.1.0.x and 9.2.1.x

Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations".

9.3.0.x

RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS.

9.0.0, 9.1.1.x, and 9.2.0.x

Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations".

**Note:** The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

**Keinoja ongelman kiertämiseen tai lieventämiseen**

**CVE addressed**

**Workaround and Mitigation**

CVE-2022-31229

In addition to upgrading your version of OneFS or downloading and installing the latest RUP, Dell recommends changing your Dell account password. If the password for your Dell account was used as a password elsewhere, Dell recommends changing these passwords and does not recommend using the same password on multiple accounts or programs. If your Dell account is used by other clients or accounts, they must be updated with the new password.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.1

2022-06-16

Initial release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan "sellaisenaan" ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

16 kesäk. 2022

CVE-2022-31229: DSA-2022-118: Dell EMC PowerScale OneFS Security Update

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.

CVE-2022-31230: DSA-2022-118: Dell EMC PowerScale OneFS Security Update

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVE(s)** 

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-29096

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

6.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2022-29097

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

**Third-Party Component** 

**CVE(s)**

**More information**

JQuery UI Library

CVE-2021-41184

See NVD for individual scores for each CVE

**Proprietary Code CVE(s)** 

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-29096

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

6.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2022-29097

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

**Third-Party Component** 

**CVE(s)**

**More information**

JQuery UI Library

CVE-2021-41184

See NVD for individual scores for each CVE

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Version(s)**

**Updated Version(s)**

**Link to Update**

Dell Wyse Management Suite

3.6.1 and below

3.7

Dell Wyse Management Suite

**Product**

**Affected Version(s)**

**Updated Version(s)**

**Link to Update**

Dell Wyse Management Suite

3.6.1 and below

3.7

Dell Wyse Management Suite

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None

**Kiitokset**

CVE-2022-29097: Dell Technologies would like to thank bugbounty2k20 for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-05-31

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan "sellaisenaan" ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

01 kesäk. 2022

CVE-2022-29097: DSA-2022-143: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities.

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-26862

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

  
6.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CVE-2022-26863

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

  
6.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CVE-2022-26864

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

6.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-26862

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

  
6.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CVE-2022-26863

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

  
6.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CVE-2022-26864

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

6.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Minimum BIOS Version**

**BIOS Release Date**

Alienware m15 Ryzen Edition R5

1.5.0

04/14/2022

Dell G15 5515 Ryzen Edition

1.6.0

04/12/2022

Dell G5 SE 5505

1.11.0

04/12/2022

Inspiron 27 7775

2.16.1

04/29/2022

Inspiron 14 5425

1.2.1

05/05/2022

Inspiron 3275

1.9.0

04/14/2022

Inspiron 3475

1.9.0

04/14/2022

Inspiron 11 3180

1.4.4

04/13/2022

Inspiron 11 3185 2-in-1

1.4.4

04/13/2022

Inspiron 3195 2-in-1

1.4.1

04/13/2022

Inspiron 3505

1.6.0

04/12/2022

Inspiron 15 3515

1.5.0

04/13/2022

Inspiron 15 3525

1.3.0

04/26/2022

Inspiron 3585

1.7.0

05/01/2022

Inspiron 3595

1.3.0

04/25/2022

Inspiron 3785

1.7.0

05/01/2022

Inspiron 5405

1.7.0

04/11/2022

Inspiron 24 5415 All-in-One

1.5.0

06/07/2022

Inspiron 5415

1.9.0

04/12/2022

Inspiron 5485

2.8.0

04/25/2022

Inspiron 5485 2-in-1

2.8.0

04/25/2022

Inspiron 5505

1.7.0

04/11/2022

Inspiron 5515

1.9.0

04/12/2022

Inspiron 5575

1.6.0

04/25/2022

Inspiron 15 5585

2.8.0

04/25/2022

Inspiron 13 7375 2-in-1

1.7.0

04/22/2022

Inspiron 7405 2-in-1

1.8.0

04/12/2022

Inspiron 7415 2-in-1

1.9.0

04/11/2022

Inspiron 14 7425 2-in-1

1.2.1

05/05/2022

Vostro 3405

1.6.0

04/12/2022

Vostro 3515

1.5.0

04/13/2022

Vostro 3525

1.3.0

04/26/2022

Vostro 5415

1.9.0

04/12/2022

Vostro 5515

1.9.0

04/12/2022

Vostro 5625

1.2.1

05/05/2022

**Product**

**Minimum BIOS Version**

**BIOS Release Date**

Alienware m15 Ryzen Edition R5

1.5.0

04/14/2022

Dell G15 5515 Ryzen Edition

1.6.0

04/12/2022

Dell G5 SE 5505

1.11.0

04/12/2022

Inspiron 27 7775

2.16.1

04/29/2022

Inspiron 14 5425

1.2.1

05/05/2022

Inspiron 3275

1.9.0

04/14/2022

Inspiron 3475

1.9.0

04/14/2022

Inspiron 11 3180

1.4.4

04/13/2022

Inspiron 11 3185 2-in-1

1.4.4

04/13/2022

Inspiron 3195 2-in-1

1.4.1

04/13/2022

Inspiron 3505

1.6.0

04/12/2022

Inspiron 15 3515

1.5.0

04/13/2022

Inspiron 15 3525

1.3.0

04/26/2022

Inspiron 3585

1.7.0

05/01/2022

Inspiron 3595

1.3.0

04/25/2022

Inspiron 3785

1.7.0

05/01/2022

Inspiron 5405

1.7.0

04/11/2022

Inspiron 24 5415 All-in-One

1.5.0

06/07/2022

Inspiron 5415

1.9.0

04/12/2022

Inspiron 5485

2.8.0

04/25/2022

Inspiron 5485 2-in-1

2.8.0

04/25/2022

Inspiron 5505

1.7.0

04/11/2022

Inspiron 5515

1.9.0

04/12/2022

Inspiron 5575

1.6.0

04/25/2022

Inspiron 15 5585

2.8.0

04/25/2022

Inspiron 13 7375 2-in-1

1.7.0

04/22/2022

Inspiron 7405 2-in-1

1.8.0

04/12/2022

Inspiron 7415 2-in-1

1.9.0

04/11/2022

Inspiron 14 7425 2-in-1

1.2.1

05/05/2022

Vostro 3405

1.6.0

04/12/2022

Vostro 3515

1.5.0

04/13/2022

Vostro 3525

1.3.0

04/26/2022

Vostro 5415

1.9.0

04/12/2022

Vostro 5515

1.9.0

04/12/2022

Vostro 5625

1.2.1

05/05/2022

**Kiitokset**

Dell Technologies would like to thank JiaWei Yin (yngweijw) for reporting these issues.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022/06/21

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan "sellaisenaan" ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

21 kesäk. 2022

CVE-2022-26864: DSA-2022-096: Dell Client Security Update for Multiple Vulnerabilities

Data Processing and Infrastructure Processing Units – DPU and IPU – are changing the way enterprises deploy and manage compute resources across their networks.

SAN FRANCISCO, June 21, 2022 /PRNewswire/ -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the new Open Programmable Infrastructure (OPI) Project. OPI will foster a community-driven, standards-based open ecosystem for next-generation architectures and frameworks based on DPU and IPU technologies. OPI is designed to facilitate the simplification of network, storage and security APIs within applications to enable more portable and performant applications in the cloud and datacenter across DevOps, SecOps and NetOps.

Founding members of OPI include Dell Technologies, F5, Intel, Keysight Technologies, Marvell, NVIDIA and Red Hat with a growing number of contributors representing a broad range of leading companies in their fields ranging from silicon and device manufactures, ISVs, test and measurement partners, OEMs to end users.

"When new technologies emerge, there is so much opportunity for both technical and business innovation but barriers often include a lack of open standards and a thriving community to support them," said Mike Dolan, senior vice president of Projects at the Linux Foundation. "DPUs and IPUs are great examples of some of the most promising technologies emerging today for cloud and datacenter, and OPI is poised to accelerate adoption and opportunity by supporting an ecosystem for DPU and IPU technologies."

DPUs and IPUs are increasingly being used to support high-speed network capabilities and packet processing for applications like 5G, AI/ML, Web3, crypto and more because of their flexibility in managing resources across networking, compute, security and storage domains. Instead of the servers being the infrastructure unit for cloud, edge or the data center, operators can now create pools of disaggregated networking, compute and storage resources supported by DPUs, IPUs, GPUs, and CPUs to meet their customers' application workloads and scaling requirements.

OPI will help establish and nurture an open and creative software ecosystem for DPU and IPU-based infrastructures. As more DPUs and IPUs are offered by various vendors, the OPI Project seeks to help define the architecture and frameworks for the DPU and IPU software stacks that can be applied to any vendor's hardware offerings. The OPI Project also aims to foster a rich open source application ecosystem, leveraging existing open source projects, such as DPDK, SPDK, OvS, P4, etc., as appropriate. The project intends to:

*   Define DPU and IPU,
*   Delineate vendor-agnostic frameworks and architectures for DPU- and IPU-based software stacks applicable to any hardware solutions,
*   Enable the creation of a rich open source application ecosystem,
*   Integrate with existing open source projects aligned to the same vision such as the Linux kernel, and,
*   Create new APIs for interaction with, and between, the elements of the DPU and IPU ecosystem, including hardware, hosted applications, host node, and the remote provisioning and orchestration of software

With several working groups already active, the initial technology contributions will come in the form of the Infrastructure Programmer Development Kit (IPDK) that is now an official sub-project of OPI governed by the Linux Foundation. IPDK is an open source framework of drivers and APIs for infrastructure offload and management that runs on a CPU, IPU, DPU or switch. In addition, NVIDIA DOCA, an open source software development framework for NVIDIA's BlueField DPU, will be contributed to OPI to help developers create applications that can be offloaded, accelerated, and isolated across DPUs, IPUs, and other hardware platforms.

For more information visit: https://opiproject.org; start contributing here: https://github.com/opiproject/opi.

**Founding Member Comments**

**_Geng Lin, EVP and Chief Technology Officer, F5  
_**"The emerging DPU market is a golden opportunity to reimagine how infrastructure services can be deployed and managed. With collective collaboration across many vendors representing both the silicon devices and the entire DPU software stack, an ecosystem is emerging that will provide a low friction customer experience and achieve portability of services across a DPU enabled infrastructure layer of next generation data centers, private clouds, and edge deployments."

**_Patricia Kummrow, CVP and GM, Ethernet Products Group, Intel  
_**Intel is committed to open software to advance collaborative and competitive ecosystems and is pleased to be a founding member of the Open Programmable Infrastructure project, as well as fully supportive of the Infrastructure Processor Development Kit (IPDK) as part of OPI. We look forward to advancing these tools, with the Linux Foundation, fulfilling the need for a programmable infrastructure across cloud, data center, communication and enterprise industries making it easier for developers to accelerate innovation and advance technological developments.

**_Ram Periakaruppan, VP and General Manager, Network Test and Security Solutions Group, Keysight Technologies  
_**"Programmable infrastructure built with DPUs/IPUs enables significant innovation for networking, security, storage and other areas in disaggregated cloud environments. As a founding member of the Open Programmable Infrastructure Project, we are committed to providing our test and validation expertise as we collaboratively develop and foster a standards-based open ecosystem that furthers infrastructure development, enabling cloud providers to maximize their investment."

**Cary Ussery, Vice President, Software and Support, Processors, Marvell  
**Data center operators across multiple industry segments are increasingly incorporating DPUs as an integral part of their infrastructure processing to offload complex workloads from general purpose to more robust compute platforms. Marvell strongly believes that software standardization in the ecosystem will significantly contribute to the success of workload acceleration solutions. As a founding member of the OPI Project, Marvell aims to address the need for standardization of software frameworks used in provisioning, lifecycle management, orchestration, virtualization and deployment of workloads.

**_Kevin Deierling, vice president of Networking at NVIDIA  
_**"The fundamental architecture of data centers is evolving to meet the demands of private and hyperscale clouds and AI, which require extreme performance enabled by DPUs such as the NVIDIA BlueField and open frameworks such as NVIDIA DOCA. These will support OPI to provide BlueField users with extreme acceleration, enabled by common, multi-vendor management and applications. NVIDIA is a founding member of the Linux Foundation's Open Programmable Infrastructure Project to continue pushing the boundaries of networking performance and accelerated data center infrastructure while championing open standards and ecosystems."

**_Erin Boyd, director of emerging technologies, Red Hat  
_**"As a founding member of the Open Programmable Infrastructure project, Red Hat is committed to helping promote, grow and collaborate on the emergent advantage that new hardware stacks can bring to the cloud-native community, and we believe that the formalization of OPI into the Linux Foundation is an important step toward achieving this in an open and transparent fashion. Establishing an open standards-based ecosystem will enable us to create fully programmable infrastructure, opening up new possibilities for better performance, consumption, and the ability to more easily manage unique hardware at scale."

**About the Linux Foundation**

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members and is the world's leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation's projects are critical to the world's infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more. The Linux Foundation's methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: _www.linuxfoundation.org/trademark-usage_. Linux is a registered trademark of Linus Torvalds. Red Hat is a registered trademark of Red Hat, Inc. or its subsidiaries in the U.S. and other countries.

_Marvell Disclaimer: This press release contains forward-looking statements within the meaning of the federal securities laws that involve risks and uncertainties. Forward-looking statements include, without limitation, any statement that may predict, forecast, indicate or imply future events or achievements. Actual events or results may differ materially from those contemplated in this press release. Forward-looking statements speak only as of the date they are made. Readers are cautioned not to put undue reliance on forward-looking statements, and no person assumes any obligation to update or revise any such forward-looking statements, whether as a result of new information, future events or otherwise._

Tag

#dell