device-mapper-multipath security update

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The device-mapper-multipath packages provide tools that use t...

RLSA-2022:7928 Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in Rocky Linux CVE-2022-3787 For more details about the security issues, including the impac...

ALSA-2022:7928 Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...

Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...

OESA-2022-2060 qt5-qtbase security update

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. Security Fixes: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and...

Fedora: Security Advisory for device-mapper-multipath (FEDORA-2022-6ec78b2586)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36

device-mapper-multipath provides tools to manage multipath devices by instructing the device-mapper multipath kernel module what to do. The tools are : multipath - Scan the system for multipath devices and assemble them. multipathd - Detects when paths fail and execs multipath to update things...

Authorization Bypass

device-mapper-multipath is vulnerable to authorization bypass. The vulnerability exists because the library uses arithmetic ADD instead of bitwise OR, allowing an attacker to write to UNIX domain sockets and bypass access controls and manipulate the multipath setup by repeating a keyword...

webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution

A heap buffer overflow vulnerability was found in WebKitGTK. The vulnerability occurs when processing or rendering HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a heap buffer overflow error and leading to the...

kernel: missing DM_TARGET_IMMUTABLE feature flag in verity_target in drivers/md/dm-verity-target.c

A flaw was found in the Linux kernel, where it is possible to modify read-only files due to a missing permission check. This flaw can lead to local privilege escalation...

kernel: dm raid: fix address sanitizer warning in raid_status

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raidstatus There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsiraid...

kernel: dm raid: fix address sanitizer warning in raid_resume

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raidresume There is a KASAN warning in raidresume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev-raiddisks is greater than rs-raiddisks, so the loop...

kernel: Linux kernel: Device Mapper RAID out-of-bounds access

A flaw was found in the Linux kernel's device mapper dm RAID component. This vulnerability allows an attacker to cause an out-of-bounds memory access via loading a crafted dm-raid table. This may lead to a crash...

kernel: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback

In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dmpoolregistermetadatathreshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

device-mapper-multipath bug fix and enhancement update

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

CVE-2022-3787

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

device-mapper-multipath 安全漏洞

Red Hat device-mapper-multipath is a device mapper multipath from Red Hat, Inc. It allows you to configure multiple I/O paths between server nodes and storage arrays into a single device. A security vulnerability exists in device-mapper-multipath. An attacker exploited the vulnerability to gain...

PT-2023-13556 · Unknown +4 · Device-Mapper-Multipath +4

Name of the Vulnerable Software and Affected Versions: device-mapper-multipath affected versions not specified Description: A local privilege escalation issue exists, allowing local users to obtain root access by exploiting a flaw in the handling of UNIX domain sockets. This can be achieved by...