CVE 2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Related bugs and status
CVE-2022-41973 (Candidate) is related to these bugs:
Bug #1961633: Consider dropping d/p/kpartx-Improve-finding-loopback-device-by-file.patch
Bug | Summary | In | Importance | Status
---|---|---|---|---
1961633 | Consider dropping d/p/kpartx-Improve-finding-loopback-device-by-file.patch | multipath-tools (Ubuntu) | Medium | Fix Released
Bug #2000186: update fails on cloud server (invoke-rc.d restart failed) when using an unsupported kernel
Bug | Summary | In | Importance | Status
---|---|---|---|---
2000186 | update fails on cloud server (invoke-rc.d restart failed) when using an unsupported kernel | multipath-tools (Ubuntu) | Undecided | Fix Released
2000186 | update fails on cloud server (invoke-rc.d restart failed) when using an unsupported kernel | multipath-tools (Ubuntu Focal) | High | Fix Released
2000186 | update fails on cloud server (invoke-rc.d restart failed) when using an unsupported kernel | multipath-tools (Ubuntu Jammy) | High | Fix Released
2000186 | update fails on cloud server (invoke-rc.d restart failed) when using an unsupported kernel | multipath-tools (Ubuntu Kinetic) | High | Won't Fix
2000186 | update fails on cloud server (invoke-rc.d restart failed) when using an unsupported kernel | multipath-tools (Ubuntu Lunar) | Undecided | Fix Released
Bug #2018051: Merge multipath-tools from Debian unstable for mantic
Bug | Summary | In | Importance | Status
---|---|---|---|---
2018051 | Merge multipath-tools from Debian unstable for mantic | multipath-tools (Ubuntu) | High | Fix Released
Bug #2020720: [Debian] CVE: CVE-2022-41973/CVE-2022-41974: multipath-tools: multiple CVEs
Bug | Summary | In | Importance | Status
---|---|---|---|---
2020720 | [Debian] CVE: CVE-2022-41973/CVE-2022-41974: multipath-tools: multiple CVEs | StarlingX | High | Fix Released
Bug #2026881: mpathpersist scsi3 pgr broken
Bug | Summary | In | Importance | Status
---|---|---|---|---
2026881 | mpathpersist scsi3 pgr broken | multipath-tools (Ubuntu) | Undecided | Fix Released
2026881 | mpathpersist scsi3 pgr broken | multipath-tools (Ubuntu Jammy) | Undecided | Fix Released
2026881 | mpathpersist scsi3 pgr broken | multipath-tools (Ubuntu Mantic) | Undecided | Fix Released
2026881 | mpathpersist scsi3 pgr broken | multipath-tools (Ubuntu Lunar) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.