Fedora 36 : device-mapper-multipath (2022-6ec78b2586)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-6ec78b2586 advisory. Security fix for CVE-2022-41973 and CVE-2022-41974 Tenable has extracted the preceding description block directly from the Fedora security advisory...

PT-2022-36586 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.334 Description: The issue is related to a misbehavior in the dm ioctl when list versions races with module loading. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

Amazon Linux 2 : device-mapper-multipath (ALAS-2022-1883)

The version of device-mapper-multipath installed on the remote host is prior to 0.4.9-136. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1883 advisory. multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or ...

Important: device-mapper-multipath

Issue Overview: multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to loc...

CentOS 7 : device-mapper-multipath (RHSA-2022:7186)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7186 advisory. - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local use...

CentOS: Security Advisory for device-mapper-multipath (CESA-2022:7186)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

device, kpartx, libdmmp security update

CentOS Errata and Security Advisory CESA-2022:7186 An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

device-mapper-multipath security update

0.8.7-12.1 - Add 0062-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133998...

Oracle Linux 9 : device-mapper-multipath (ELSA-2022-8453)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8453 advisory. 0.8.7-12.1 - Add 0062-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133998 Tenable has extracted the preceding description block...

device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

AlmaLinux 9 : device-mapper-multipath (ALSA-2022:8453)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:8453 advisory. - device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux CVE-2022-3787 Note that Nessus has not tested for this issue but has instea...

device-mapper-multipath security update

0.8.4-28.1 - Add 0111-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133995...

Oracle Linux 8 : device-mapper-multipath (ELSA-2022-7928)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7928 advisory. 0.8.4-28.1 - Add 0111-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133995 Tenable has extracted the preceding description block...

RHEL 9 : device-mapper-multipath (RHSA-2022:8453)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8453 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...

device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

Important: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RLSA-2022:8453 Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in Rocky Linux CVE-2022-3787 For more details about the security issues, including the impac...

device-mapper-multipath security update

An update is available for device-mapper-multipath. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The device-mapper-multipath packages provide tools that use t...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

kernel: dm raid: fix KASAN warning in raid5_add_disks

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5adddisks There's a KASAN warning in raid5adddisk when running the LVM testsuite. The warning happens in the test lvconvert-raid-reshape-lineartoraid6-single-type.sh. We fix the warning by...