[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36

device-mapper-multipath provides tools to manage multipath devices by instructing the device-mapper multipath kernel module what to do. The tools are : multipath - Scan the system for multipath devices and assemble them. multipathd - Detects when paths fail and execs multipath to update things...

Authorization Bypass

device-mapper-multipath is vulnerable to authorization bypass. The vulnerability exists because the library uses arithmetic ADD instead of bitwise OR, allowing an attacker to write to UNIX domain sockets and bypass access controls and manipulate the multipath setup by repeating a keyword...

kernel: Linux kernel: Device Mapper RAID out-of-bounds access

A flaw was found in the Linux kernel's device mapper dm RAID component. This vulnerability allows an attacker to cause an out-of-bounds memory access via loading a crafted dm-raid table. This may lead to a crash...

kernel: dm raid: fix address sanitizer warning in raid_status

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raidstatus There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsiraid...

kernel: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback

In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dmpoolregistermetadatathreshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by...

kernel: missing DM_TARGET_IMMUTABLE feature flag in verity_target in drivers/md/dm-verity-target.c

A flaw was found in the Linux kernel, where it is possible to modify read-only files due to a missing permission check. This flaw can lead to local privilege escalation...

kernel: dm raid: fix address sanitizer warning in raid_resume

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raidresume There is a KASAN warning in raidresume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev-raiddisks is greater than rs-raiddisks, so the loop...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

device-mapper-multipath bug fix and enhancement update

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

CVE-2022-3787

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

device-mapper-multipath 安全漏洞

Red Hat device-mapper-multipath is a device mapper multipath from Red Hat, Inc. It allows you to configure multiple I/O paths between server nodes and storage arrays into a single device. A security vulnerability exists in device-mapper-multipath. An attacker exploited the vulnerability to gain...

PT-2023-13556 · Unknown +4 · Device-Mapper-Multipath +4

Name of the Vulnerable Software and Affected Versions: device-mapper-multipath affected versions not specified Description: A local privilege escalation issue exists, allowing local users to obtain root access by exploiting a flaw in the handling of UNIX domain sockets. This can be achieved by...

Scientific Linux Security Update : device-mapper-multipath on SL7.x i686/x86_64 (2022:7186)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:7186-1 advisory. - device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket CVE-2022-41974 Note that Ness...

SUSE-SU-2022:3810-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel rt was updated. The following security bugs were fixed: - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. bnc1203514 - CVE-2022-3169: Fixed a denial of service flaw whic...

AZL-11373 CVE-2022-41974 affecting package device-mapper-multipath for versions less than 0.8.6-4

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege...

AZL-11371 CVE-2022-41973 affecting package device-mapper-multipath for versions less than 0.8.6-4

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...

RHEL 8 : device-mapper-multipath (RHSA-2022:7191)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7191 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...

device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

Important: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...