Lucene search
HiveForce LabHIVEPRO:6B44B3353C8810E1A5A351560A960CD7HistoryDec 09, 2022 - 5:58 a.m.
Linux flaws could be chained together to achieve root access
2022-12-0905:58:41
HiveForce Lab
www.hivepro.com
12
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities (CVE-2022-41974 and CVE-2022-41973) can either be exploited individually or in combination to lead to local privilege escalation, the first potentially causing a symlink attack and the second causing an authorization bypass.
Related
suse
suse
Security update for multipath-tools (important)
2022-10-24 00:00:00
Security update for multipath-tools (important)
2022-10-24 00:00:00
Security update for multipath-tools (important)
2022-10-24 00:00:00
nessus
nessus
Rocky Linux 8 : device-mapper-multipath (RLSA-2022:7192)
2022-11-17 00:00:00
Oracle Linux 9 : device-mapper-multipath (ELSA-2023-2459)
2023-05-15 00:00:00
EulerOS Virtualization 2.11.1 : multipath-tools (EulerOS-SA-2023-2046)
2023-06-07 00:00:00
cve
cve
gentoo
gentoo
multipath-tools: Multiple Vulnerabilities
2023-11-25 00:00:00
osv
osv
CVE-2022-41974
2022-10-29 19:15:10
CVE-2022-41973
2022-10-29 18:15:12
multipath-tools vulnerabilities
2022-11-17 13:14:45
openvas
openvas
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1677)
2023-04-27 00:00:00
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1042)
2023-01-09 00:00:00
Debian: Security Advisory (DLA-3250-1)
2022-12-30 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0269
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0269
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0476
2022-10-24 00:00:00
f5
f5
K000133058 : device-mapper-multipath vulnerability CVE-2022-41973
2023-03-18 00:00:00
K000133615 : device-mapper-multipath vulnerability CVE-2022-41974
2023-04-28 00:00:00
packetstorm
packetstorm
Leeloo Multipath Authorization Bypass / Symlink Attack
2022-10-31 00:00:00
snap-confine must_mkdir_and_open_with_perms() Race Condition
2022-12-09 00:00:00
alpinelinux
alpinelinux
CVE-2022-41973
2022-10-29 18:15:00
CVE-2022-41974
2022-10-29 19:15:00
debian
debian
[SECURITY] [DLA 3250-1] multipath-tools security update
2022-12-29 10:45:35
[SECURITY] [DSA 5366-1] multipath-tools security update
2023-03-01 11:29:12
rosalinux
rosalinux
Advisory ROSA-SA-2023-2218
2023-08-22 08:47:43
ubuntucve
ubuntucve
CVE-2022-41974
2022-10-24 00:00:00
CVE-2022-41973
2022-10-24 00:00:00
ubuntu
ubuntu
multipath-tools vulnerabilities
2022-11-17 00:00:00
prion
prion
Privilege escalation
2022-10-29 19:15:00
Privilege escalation
2022-10-29 18:15:00
Privilege escalation
2023-03-29 21:15:00
redhatcve
redhatcve
mageia
mageia
Updated multipath-tools packages fix security vulnerabilities
2024-03-18 19:12:23
fedora
fedora
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36
2022-11-10 16:19:06
debiancve
debiancve
CVE-2022-41973
2022-10-29 18:15:00
CVE-2022-41974
2022-10-29 19:15:00
qualysblog
qualysblog
Leeloo Multipath: Authorization bypass and symlink attack in multipathdΒ (CVE-2022-41974 and CVE-2022-41973)
2022-10-26 01:57:00
Snapd Race Condition Vulnerability in snap-confineβs must_mkdir_and_open_with_perms() (CVE-2022-3328)
2022-11-30 23:29:05
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
amazon
amazon
Important: device-mapper-multipath
2022-12-01 20:31:00
cloudfoundry
cloudfoundry
USN-5731-1: multipath-tools vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
thn
thn
centos
centos
device, kpartx, libdmmp security update
2022-11-30 23:01:43
almalinux
almalinux
Moderate: device-mapper-multipath security and bug fix update
2023-05-16 00:00:00
Moderate: device-mapper-multipath security and bug fix update
2023-05-09 00:00:00
Important: device-mapper-multipath security update
2022-10-25 00:00:00
redhat
redhat
(RHSA-2024:1110) Moderate: device-mapper-multipath security update
2024-03-05 10:45:01
cbl_mariner
cbl_mariner
CVE-2022-41973 affecting package device-mapper-multipath 0.8.6-1
2024-04-26 21:08:17
CVE-2022-41973 affecting package device-mapper-multipath 0.8.6-3
2023-01-17 16:46:46
CVE-2022-41974 affecting package device-mapper-multipath 0.8.6-1
2024-04-26 21:08:17
oraclelinux
oraclelinux
device-mapper-multipath security and bug fix update
2023-05-15 00:00:00
device-mapper-multipath security update
2022-10-26 00:00:00
device-mapper-multipath security update
2022-10-26 00:00:00
veracode
veracode
Privilege Escalation
2022-11-19 14:27:14
Authorization Bypass
2022-11-10 00:22:58
Privilege Escalation
2023-01-18 00:45:31
rocky
rocky
device-mapper-multipath security update
2022-10-25 14:41:37
device-mapper-multipath security update
2022-10-25 14:24:42
device-mapper-multipath security update
2022-11-15 15:35:59
redos
redos
ROS-20230217-01
2023-02-17 00:00:00
zdt
zdt
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Related for HIVEPRO:6B44B3353C8810E1A5A351560A960CD7