Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-41973HistoryOct 29, 2022 - 6:15 p.m.
CVE-2022-41973
2022-10-2918:15:12
Alpine Linux Development Team
security.alpinelinux.org
20
multipath-tools symlink handling controlled writes outside directory privilege escalation root access local users cve-2022-41973 multipathd unix
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
10.1%
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.16-main | noarch | multipath-tools | =ย 0.8.9-r1 | UNKNOWN |
| Alpine | 3.15-main | noarch | multipath-tools | =ย 0.8.7-r0 | UNKNOWN |
| Alpine | 3.14-main | noarch | multipath-tools | =ย 0.8.6-r0 | UNKNOWN |
| Alpine | 3.13-main | noarch | multipath-tools | =ย 0.8.5-r0 | UNKNOWN |
Related
gentoo
gentoo
multipath-tools: Multiple Vulnerabilities
2023-11-25 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3250-1)
2022-12-30 00:00:00
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1042)
2023-01-09 00:00:00
Mageia: Security Advisory (MGASA-2024-0071)
2024-03-19 00:00:00
suse
suse
Security update for multipath-tools (important)
2022-10-24 00:00:00
Security update for multipath-tools (important)
2022-10-24 00:00:00
Security update for multipath-tools (important)
2022-10-24 00:00:00
nessus
nessus
SUSE SLES12 Security Update : multipath-tools (SUSE-SU-2022:3713-1)
2022-10-25 00:00:00
EulerOS Virtualization 2.11.1 : multipath-tools (EulerOS-SA-2023-2046)
2023-06-07 00:00:00
EulerOS 2.0 SP11 : multipath-tools (EulerOS-SA-2023-1428)
2023-03-07 00:00:00
nvd
nvd
osv
osv
CVE-2022-41974
2022-10-29 19:15:10
multipath-tools vulnerabilities
2022-11-17 13:14:45
CVE-2022-41973
2022-10-29 18:15:12
cve
cve
redhatcve
redhatcve
prion
prion
Privilege escalation
2022-10-29 19:15:00
Privilege escalation
2022-10-29 18:15:00
Privilege escalation
2023-03-29 21:15:00
debian
debian
[SECURITY] [DSA 5366-1] multipath-tools security update
2023-03-01 11:29:12
[SECURITY] [DLA 3250-1] multipath-tools security update
2022-12-29 10:45:35
ubuntu
ubuntu
multipath-tools vulnerabilities
2022-11-17 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0269
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0269
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0476
2022-10-24 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2218
2023-08-22 08:47:43
f5
f5
K000133615 : device-mapper-multipath vulnerability CVE-2022-41974
2023-04-28 00:00:00
K000133058 : device-mapper-multipath vulnerability CVE-2022-41973
2023-03-18 00:00:00
ubuntucve
ubuntucve
CVE-2022-41974
2022-10-24 00:00:00
CVE-2022-41973
2022-10-24 00:00:00
packetstorm
packetstorm
Leeloo Multipath Authorization Bypass / Symlink Attack
2022-10-31 00:00:00
snap-confine must_mkdir_and_open_with_perms() Race Condition
2022-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36
2022-11-10 16:19:06
cvelist
cvelist
alpinelinux
alpinelinux
CVE-2022-41974
2022-10-29 19:15:10
debiancve
debiancve
CVE-2022-41973
2022-10-29 18:15:12
CVE-2022-41974
2022-10-29 19:15:10
mageia
mageia
Updated multipath-tools packages fix security vulnerabilities
2024-03-18 19:12:23
hivepro
hivepro
Linux flaws could be chained together to achieve root access
2022-12-09 05:58:41
cloudfoundry
cloudfoundry
USN-5731-1: multipath-tools vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
amazon
amazon
Important: device-mapper-multipath
2022-12-01 20:31:00
qualysblog
qualysblog
Leeloo Multipath: Authorization bypass and symlink attack in multipathdย (CVE-2022-41974 and CVE-2022-41973)
2022-10-26 01:57:00
Snapd Race Condition Vulnerability in snap-confineโs must_mkdir_and_open_with_perms() (CVE-2022-3328)
2022-11-30 23:29:05
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
thn
thn
centos
centos
device, kpartx, libdmmp security update
2022-11-30 23:01:43
redhat
redhat
(RHSA-2024:1110) Moderate: device-mapper-multipath security update
2024-03-05 10:45:01
oraclelinux
oraclelinux
device-mapper-multipath security and bug fix update
2023-05-15 00:00:00
device-mapper-multipath security and bug fix update
2023-05-24 00:00:00
device-mapper-multipath security update
2022-10-26 00:00:00
almalinux
almalinux
Moderate: device-mapper-multipath security and bug fix update
2023-05-16 00:00:00
Moderate: device-mapper-multipath security and bug fix update
2023-05-09 00:00:00
Important: device-mapper-multipath security update
2022-10-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-41973 affecting package device-mapper-multipath 0.8.6-1
2024-07-06 16:06:12
CVE-2022-41973 affecting package device-mapper-multipath for versions less than 0.8.6-4
2023-01-17 16:46:46
CVE-2022-41974 affecting package device-mapper-multipath 0.8.6-1
2024-07-06 16:06:12
veracode
veracode
Privilege Escalation
2022-11-19 14:27:14
Authorization Bypass
2022-11-10 00:22:58
Privilege Escalation
2023-01-18 00:45:31
rocky
rocky
device-mapper-multipath security update
2022-10-25 14:41:37
device-mapper-multipath security update
2022-10-25 14:24:42
device-mapper-multipath security update
2022-11-15 15:35:59
redos
redos
ROS-20230217-01
2023-02-17 00:00:00
zdt
zdt
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
10.1%
Related for ALPINE:CVE-2022-41973