CVE-2022-41974Improper Privilege Management in Multipath-tools

CWE-269Improper Privilege ManagementCWE-59Link FollowingCWE-285Improper Authorization23 documents9 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 93.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Opensvc Multipath-toolsDebian Multipath-toolsDebian Linux+5 more
Timeline
PublishedOct 29
Latest updateApr 15

Description

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

debiandebian/multipath-tools< multipath-tools 0.9.4-1 (bookworm)
NVDopensvc/multipath-tools0.7.70.9.2+1
Debianopensvc/multipath-tools< 0.8.5-2+deb11u1+3
Ubuntuopensvc/multipath-tools< 0.7.4-2ubuntu3.2+2

Also affects: Debian Linux 10.0, 11.0, Fedora 36

🔴Vulnerability Details

5
OSV
multipath-tools vulnerabilities2022-11-17
GHSA
GHSA-46cw-54vx-86g5: multipath-tools 02022-10-30
GHSA
GHSA-6c7c-85qv-wvgp: multipath-tools 02022-10-29
OSV
CVE-2022-41973: multipath-tools 02022-10-29
OSV
CVE-2022-41974: multipath-tools 02022-10-29

📋Vendor Advisories

9
CISA ICS
ABB M2M Gateway2025-04-15
Ubuntu
multipath-tools vulnerabilities2022-11-17
Red Hat
device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux2022-11-07
Red Hat
device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack2022-10-24
Red Hat
device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket2022-10-24

🕵️Threat Intelligence

7
Qualys
Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328) | Qualys2022-11-30
Qualys
Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328)2022-11-30
Qualys
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities With 10 Critical; Adobe Releases Zero Advisories (for the First Time in Six Years).2022-11-08
Qualys
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities With 10 Critical; Adobe Releases Zero Advisories (for the First Time in Six Years). | Qualys2022-11-08
Qualys
Qualys Research Team: Threat Thursdays, October 2022 | Qualys2022-10-28