
CVE-2022-41974

Published: 29/10/2022 Updated: 25/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

multipath-tools 0.7.0 up to and including 0.9.x prior to 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
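The ADD-versus-OR mistake named in the summary, as an added C illustration that is not multipath-tools' own code. The keyword flag values and function names are hypothetical, and the duplicate-rejecting variant is an extra hardening option the page does not describe.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical one-bit-per-keyword flags (not multipath-tools' real codes). */
enum { KW_SHOW = 1u << 0, KW_SET = 1u << 1, KW_STATUS = 1u << 2 };

/* Flawed: arithmetic ADD. A repeated keyword carries into the next bit,
 * so the fingerprint no longer describes the keywords actually supplied. */
static uint32_t fingerprint_add(const uint32_t *kw, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp += kw[i];
    return fp;
}

/* Corrected: bitwise OR is idempotent, so a repeat cannot change the result. */
static uint32_t fingerprint_or(const uint32_t *kw, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp |= kw[i];
    return fp;
}

/* Stricter option: reject any command that repeats a keyword.
 * Returns 1 and stores the fingerprint on success, 0 on rejection. */
static int fingerprint_strict(const uint32_t *kw, size_t n, uint32_t *out)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++) {
        if (fp & kw[i])
            return 0;          /* keyword already seen */
        fp |= kw[i];
    }
    *out = fp;
    return 1;
}

/* Constructed inputs: a repeated keyword and an ordinary two-keyword command. */
static const uint32_t repeated[] = { KW_SHOW, KW_SHOW };
static const uint32_t ordinary[] = { KW_SHOW, KW_STATUS };
```

With distinct keywords both accumulators agree; only the repeated input separates them, which is why the defect is invisible to tests that never repeat a keyword.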

Vulnerable Product

opensvc multipath-tools

fedoraproject fedora 36

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1022742 multipath-tools: CVE-2022-41973 CVE-2022-41974. Package: src:multipath-tools; Maintainer for src:multipath-tools is Debian DM Multipath Team <team+linux-blocks@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 24 Oct 2022 20:21:02 UTC; Severity: grav ...
Several security issues were fixed in multipath-tools ...
The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation. Please refer to /usr/share/doc/multipath-tools/NEWS.Debian.gz for backwards-incompatible changes in this u ...
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can ...
Synopsis: Important: OpenShift Container Platform 4.11.12 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impac ...
Synopsis: Important: device-mapper-multipath security update. Type/Severity: Security Advisory: Important. Topic: An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. R ...
Synopsis: Important: device-mapper-multipath security update. Type/Severity: Security Advisory: Important. Topic: An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security ha ...
Synopsis: Important: device-mapper-multipath security update. Type/Severity: Security Advisory: Important. Topic: An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 7. Red Hat Product Security ha ...
Synopsis: Important: device-mapper-multipath security update. Type/Severity: Security Advisory: Important. Topic: An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP S ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Mo ...
Synopsis: Important: Red Hat Virtualization Host security update [ovirt-4.5.3-1]. Type/Severity: Security Advisory: Important. Topic: An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virt ...
Synopsis: Important: device-mapper-multipath security update. Type/Severity: Security Advisory: Important. Topic: An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security ha ...
Synopsis: Important: OpenShift Container Platform 4.8.53 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.8.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
Synopsis: Important: OpenShift Virtualization 4.9.7 Images security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 4.9.7 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Description: This CVE is under investigation by Red Hat Product Security ...

Exploits

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7 ...
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory, they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to r ...

Github Repositories

CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973

CVE-2022-3328: CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973, from: www.qualys.com/2022/11/30/cve-2022-3328/advisory-snap.txt and blog.qualys.com/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328