768 matches found
Important: device-mapper-multipath
Issue Overview: multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to loc...
CentOS: Security Advisory for device-mapper-multipath (CESA-2022:7186)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 7 : device-mapper-multipath (RHSA-2022:7186)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7186 advisory. - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local use...
device, kpartx, libdmmp security update
CentOS Errata and Security Advisory CESA-2022:7186 An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
device-mapper-multipath security update
0.8.7-12.1 - Add 0062-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133998...
Oracle Linux 9 : device-mapper-multipath (ELSA-2022-8453)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8453 advisory. 0.8.7-12.1 - Add 0062-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133998 Tenable has extracted the preceding description block...
device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...
AlmaLinux 9 : device-mapper-multipath (ALSA-2022:8453)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:8453 advisory. - device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux CVE-2022-3787 Note that Nessus has not tested for this issue but has instea...
device-mapper-multipath security update
0.8.4-28.1 - Add 0111-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133995...
Oracle Linux 8 : device-mapper-multipath (ELSA-2022-7928)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7928 advisory. 0.8.4-28.1 - Add 0111-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133995 Tenable has extracted the preceding description block...
RHEL 9 : device-mapper-multipath (RHSA-2022:8453)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8453 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...
Important: Red Hat Security Advisory: device-mapper-multipath security update
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...
RLSA-2022:8453 Important: device-mapper-multipath security update
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in Rocky Linux CVE-2022-3787 For more details about the security issues, including the impac...
device-mapper-multipath security update
An update is available for device-mapper-multipath. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The device-mapper-multipath packages provide tools that use t...
kernel: LoadPin bypass via dm-verity table reload
A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...
kernel: dm raid: fix KASAN warning in raid5_add_disks
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5adddisks There's a KASAN warning in raid5adddisk when running the LVM testsuite. The warning happens in the test lvconvert-raid-reshape-lineartoraid6-single-type.sh. We fix the warning by...
kernel: dm: fix use-after-free in dm_cleanup_zoned_dev()
In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dmcleanupzoneddev dmcleanupzoneddev uses queue, so it must be called before blkcleanupdisk starts its killing: blkcleanupdisk-blkcleanupqueue-kobjectput-blkreleasequeue-...
kernel: LoadPin bypass via dm-verity table reload
A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...
device-mapper-persistent-data bug fix and enhancement update
An update is available for device-mapper-persistent-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, se...