Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-41974HistoryOct 29, 2022 - 7:15 p.m.
CVE-2022-41974
2022-10-2919:15:10
Alpine Linux Development Team
security.alpinelinux.org
14
0.0004 Low
EPSS
Percentile
9.9%
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.16-main | noarch | multipath-tools | =ย 0.8.9-r1 | UNKNOWN |
| Alpine | 3.15-main | noarch | multipath-tools | =ย 0.8.7-r0 | UNKNOWN |
| Alpine | 3.14-main | noarch | multipath-tools | =ย 0.8.6-r0 | UNKNOWN |
| Alpine | 3.13-main | noarch | multipath-tools | =ย 0.8.5-r0 | UNKNOWN |
Related
nessus
nessus
EulerOS 2.0 SP11 : multipath-tools (EulerOS-SA-2023-1428)
2023-03-07 00:00:00
Oracle Linux 9 : device-mapper-multipath (ELSA-2023-2459)
2023-05-15 00:00:00
gentoo
gentoo
multipath-tools: Multiple Vulnerabilities
2023-11-25 00:00:00
osv
osv
CVE-2022-41973
2022-10-29 18:15:12
CVE-2022-41974
2022-10-29 19:15:10
Important: device-mapper-multipath security update
2022-10-25 14:41:37
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0071)
2024-03-19 00:00:00
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1042)
2023-01-09 00:00:00
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1677)
2023-04-27 00:00:00
prion
prion
Privilege escalation
2022-10-29 18:15:00
Privilege escalation
2022-10-29 19:15:00
Privilege escalation
2023-03-29 21:15:00
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36
2022-11-10 16:19:06
ubuntucve
ubuntucve
CVE-2022-41973
2022-10-24 00:00:00
CVE-2022-41974
2022-10-24 00:00:00
debiancve
debiancve
CVE-2022-41973
2022-10-29 18:15:12
CVE-2022-41974
2022-10-29 19:15:10
mageia
mageia
Updated multipath-tools packages fix security vulnerabilities
2024-03-18 19:12:23
photon
photon
Important Photon OS Security Update - PHSA-2022-0269
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0476
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-0530
2022-10-24 00:00:00
f5
f5
K000133058 : device-mapper-multipath vulnerability CVE-2022-41973
2023-03-18 00:00:00
K000133615 : device-mapper-multipath vulnerability CVE-2022-41974
2023-04-28 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2218
2023-08-22 08:47:43
packetstorm
packetstorm
Leeloo Multipath Authorization Bypass / Symlink Attack
2022-10-31 00:00:00
snap-confine must_mkdir_and_open_with_perms() Race Condition
2022-12-09 00:00:00
alpinelinux
alpinelinux
CVE-2022-41973
2022-10-29 18:15:12
hivepro
hivepro
Linux flaws could be chained together to achieve root access
2022-12-09 05:58:41
qualysblog
qualysblog
Leeloo Multipath: Authorization bypass and symlink attack in multipathdย (CVE-2022-41974 and CVE-2022-41973)
2022-10-26 01:57:00
Snapd Race Condition Vulnerability in snap-confineโs must_mkdir_and_open_with_perms() (CVE-2022-3328)
2022-11-30 23:29:05
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
amazon
amazon
Important: device-mapper-multipath
2022-12-01 20:31:00
cloudfoundry
cloudfoundry
USN-5731-1: multipath-tools vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
redhatcve
redhatcve
debian
debian
[SECURITY] [DSA 5366-1] multipath-tools security update
2023-03-01 11:29:12
centos
centos
device, kpartx, libdmmp security update
2022-11-30 23:01:43
redhat
redhat
(RHSA-2024:1110) Moderate: device-mapper-multipath security update
2024-03-05 10:45:01
cbl_mariner
cbl_mariner
CVE-2022-41973 affecting package device-mapper-multipath 0.8.6-1
2024-06-03 03:07:42
CVE-2022-41973 affecting package device-mapper-multipath for versions less than 0.8.6-4
2023-01-17 16:46:46
CVE-2022-41974 affecting package device-mapper-multipath 0.8.6-1
2024-06-03 03:07:42
almalinux
almalinux
Moderate: device-mapper-multipath security and bug fix update
2023-05-16 00:00:00
Moderate: device-mapper-multipath security and bug fix update
2023-05-09 00:00:00
Important: device-mapper-multipath security update
2022-10-25 00:00:00
cve
cve
veracode
veracode
Privilege Escalation
2022-11-19 14:27:14
Authorization Bypass
2022-11-10 00:22:58
Privilege Escalation
2023-01-18 00:45:31
oraclelinux
oraclelinux
device-mapper-multipath security and bug fix update
2023-05-24 00:00:00
device-mapper-multipath security and bug fix update
2023-05-15 00:00:00
device-mapper-multipath security update
2022-10-26 00:00:00
rocky
rocky
device-mapper-multipath security update
2022-10-25 14:41:37
device-mapper-multipath security update
2022-10-25 14:24:42
device-mapper-multipath security update
2022-11-15 15:35:59
thn
thn
redos
redos
ROS-20230217-01
2023-02-17 00:00:00
zdt
zdt
ibm
ibm