2 matches found
CVE-2022-41974
CVE-2022-41974 affects device-mapper-multipath 0.7.0–0.9.x prior to 0.9.2. The issue enables local users to escalate to root by exploiting insecure handling of a keyword in multipathd along with possible association with CVE-2022-41973, or via symlink-related flaws when/if privileged actions occu...
CVE-2022-41973
CVE-2022-41973 affects device-mapper-multipath (versions 0.7.7–0.9.x before 0.9.2). The vulnerability stems from incorrect symlink handling in multipathd that allows local users with /dev/shm access to modify symlinks, enabling controlled file writes outside /dev/shm and potentially leading to lo...