multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
SUSE Linux | Security update for multipath-tools (important) | 24 Oct 202200:00 | – | suse |
SUSE Linux | Security update for multipath-tools (important) | 24 Oct 202200:00 | – | suse |
SUSE Linux | Security update for multipath-tools (important) | 24 Oct 202200:00 | – | suse |
OpenVAS | Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1477) | 9 Mar 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-2046) | 7 Jun 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for device-mapper-multipath (EulerOS-SA-2024-2262) | 22 Aug 202400:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-5366-1) | 3 Mar 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1413) | 7 Mar 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for device-mapper-multipath (EulerOS-SA-2023-1310) | 9 Feb 202300:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2022:3709-1) | 25 Oct 202200:00 | – | openvas |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo