device-mapper-multipath bug fix and enhancement update

An update is available for device-mapper-multipath. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

ALSA-2022:8453 Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...

AlmaLinux 8 : device-mapper-multipath (ALSA-2022:7928)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:7928 advisory. - device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux CVE-2022-3787 Note that Nessus has not tested for this issue but has instea...

RHEL 8 : device-mapper-multipath (RHSA-2022:7928)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7928 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...

Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...

device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

device-mapper-multipath security update

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The device-mapper-multipath packages provide tools that use t...

RLSA-2022:7928 Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in Rocky Linux CVE-2022-3787 For more details about the security issues, including the impac...

Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...

ALSA-2022:7928 Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...

Fedora: Security Advisory for device-mapper-multipath (FEDORA-2022-6ec78b2586)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36

device-mapper-multipath provides tools to manage multipath devices by instructing the device-mapper multipath kernel module what to do. The tools are : multipath - Scan the system for multipath devices and assemble them. multipathd - Detects when paths fail and execs multipath to update things...

Authorization Bypass

device-mapper-multipath is vulnerable to authorization bypass. The vulnerability exists because the library uses arithmetic ADD instead of bitwise OR, allowing an attacker to write to UNIX domain sockets and bypass access controls and manipulate the multipath setup by repeating a keyword...

kernel: dm raid: fix address sanitizer warning in raid_status

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raidstatus There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsiraid...

kernel: missing DM_TARGET_IMMUTABLE feature flag in verity_target in drivers/md/dm-verity-target.c

A flaw was found in the Linux kernel, where it is possible to modify read-only files due to a missing permission check. This flaw can lead to local privilege escalation...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

kernel: dm raid: fix address sanitizer warning in raid_resume

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raidresume There is a KASAN warning in raidresume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev-raiddisks is greater than rs-raiddisks, so the loop...

kernel: Linux kernel: Device Mapper RAID out-of-bounds access

A flaw was found in the Linux kernel's device mapper dm RAID component. This vulnerability allows an attacker to cause an out-of-bounds memory access via loading a crafted dm-raid table. This may lead to a crash...

kernel: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback

In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dmpoolregistermetadatathreshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...