Astra Linux – Vulnerability in multipath-tools

In versions of multipath-tools from 0.7.0 to 0.9.x, up to 0.9.2, local users could obtain root access, either alone or in conjunction with CVE-2022-41973. Local users who had access to write to UNIX domain sockets could bypass access controls and manipulate the multipath setup. This could result ...

Astra Linux – Vulnerability in multipath-tools

Multipath-tools versions 0.7.7 through 0.9.x, prior to 0.9.2, allowed local users to obtain root access. This vulnerability was exploited in conjunction with CVE-2022-41974. Local users who had access to /dev/shm could modify symlinks within multipathd due to incorrect symlink handling. This coul...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: multipath-tools (UTSA-2025-680597)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680597 advisory. multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: multipath-tools (UTSA-2025-680596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680596 advisory. multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to acces...

EUVD-2022-45078

Malicious code in bioql PyPI...

EUVD-2022-45077

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-41974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users...

TencentOS Server 4: device-mapper-multipath (TSSA-2024:0299)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0299 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

ABB M2M Gateway Improper Privilege Management in embedded Device-mapper-multipath (CVE-2022-41974)

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege...

Advisory ROSA-SA-2024-2520

Software: device-mapper-multipath 0.8.4 OS: ROSA Virtualization 2.1 packageevrstring: device-mapper-multipath-0.8.4-22 CVE-ID: CVE-2022-41974 BDU-ID: 2022-06669 CVE-Crit: HIGH CVE-DESC.: A vulnerability in multipath-tools multipath-tools driver management software is related to privilege manageme...

Huawei EulerOS: Security Advisory for device-mapper-multipath (EulerOS-SA-2024-2262)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2024-0071)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated multipath-tools packages fix security vulnerabilities

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...

RHEL 8 : device-mapper-multipath (RHSA-2024:1110)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1110 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...

The vulnerability of software for managing drivers in Multipath-tools systems allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of software for managing drivers in Multipath-tools-based access systems is related to incorrect definition of symbolic links before accessing files. Exploiting this vulnerability can allow attackers to gain access to confidential data, compromise its integrity, and cause servic...

GLSA-202311-06 : multipath-tools: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202311-06 multipath-tools: Multiple Vulnerabilities - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm...

Rocky Linux 9 : device-mapper-multipath (RLSA-2022:7185)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7185 advisory. - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local user...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.10055)

The version of AHV installed on the remote host is prior to 20220304.10055. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.10055 advisory. - BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S...

Advisory ROSA-SA-2023-2218

software: multipath-tools 0.8.9 WASP: ROSA-CHROME packageevrstring: multipath-tools-0.8.9-3.src.rpm CVE-ID: CVE-2022-41973 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: multipath-tools 0.7.7 to 0.9.x to 0.9.2 allows local users to gain root access as used in conjunction with CVE-2022-41974. Local users...

EulerOS Virtualization 3.0.6.6 : device-mapper-multipath (EulerOS-SA-2023-2420)

According to the versions of the device-mapper-multipath packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or...