
CVE-2022-3787

Published: 29/03/2023 Updated: 06/04/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.

Vulnerable Product

redhat device-mapper-multipath -

redhat enterprise linux 9.1

redhat enterprise linux 8.7

Vendor Advisories

Synopsis: Important: device-mapper-multipath security update. Type/Severity: Security Advisory: Important. Topic: An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security ha ...
Synopsis: Important: device-mapper-multipath security update. Type/Severity: Security Advisory: Important. Topic: An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security ha ...
Synopsis: Moderate: RHSA: Submariner 014 - bug fix and security updates. Type/Severity: Security Advisory: Moderate. Topic: Submariner 014 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 27. Red Hat Product Security has rated this update as having a ...
Synopsis: Moderate: RHSA: Submariner 0133 - security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Submariner 0133 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 26. Red Hat Product Security has rated this update as hav ...
Synopsis: Important: Migration Toolkit for Applications security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Migration Toolkit for Applications 601 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail ...
Synopsis: Important: OpenShift Virtualization 4120 Images security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 412 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Description: This CVE is under investigation by Red Hat Product Security ...