Rocky Linux 9 : device-mapper-multipath (RLSA-2022:8453)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8453 advisory. - A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjuncti...

EulerOS 2.0 SP5 : device-mapper-multipath (EulerOS-SA-2023-2140)

According to the versions of the device-mapper-multipath packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction...

CVE-2022-3787

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

Privilege escalation

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

CVE-2022-3787

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

Authorization Bypass

device-mapper-multipath is vulnerable to authorization bypass. The vulnerability exists because the library uses arithmetic ADD instead of bitwise OR, allowing an attacker to write to UNIX domain sockets and bypass access controls and manipulate the multipath setup by repeating a keyword...

SUSE SLED15: kpartx / libdmmp-devel / libdmmp0_2_0 / libmpath0 / multipath-tools / etc (SUSE-SU-2022:3711-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3711-1 advisory. - CVE-2022-41973: Fixed a symlink attack in multipathd. bsc1202739 - CVE-2022-41974: Fixed an...

CVE-2022-41974

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...