multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

🗓️ 09 Nov 2022 08:00:00Reported by MicrosoftType

Multipath-tools symlink flaw lets users write outside /dev/shm and gain root (CVE-2022-41974).

Reporter	Title	Published	Views	Family All 272
0day.today	Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability	10 Dec 202200:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities	13 Feb 202313:10	–	ibm
ATTACKERKB	CVE-2022-41974	29 Oct 202219:15	–	attackerkb
ATTACKERKB	CVE-2022-41973	29 Oct 202218:15	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : device-mapper-multipath, device-mapper-multipath-devel, device-mapper-multipath-libs (ALAS2023-2023-126)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : device-mapper-multipath, device-mapper-multipath-devel, device-mapper-multipath-libs (ALAS2023-2023-141)	23 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : device-mapper-multipath (ALAS-2022-1883)	7 Dec 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0177: device-mapper-multipath (ALINUX3-SA-2022:0177)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0066: device-mapper-multipath (ALINUX3-SA-2023:0066)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : device-mapper-multipath (ALSA-2022:7185)	27 Oct 202200:00	–	nessus