Debian: DLA-3251-1 High Risk: libxml2 Code Execution Vulnerability
debian lts
December 29, 2022
Multiple issues were found in multipath-tools, a tool-chain to manage disk multipath device maps, which may be used by local attackers to obtain root privileges or create a directo...
Topics Covered
Summary
Please note that the fix for CVE-2022-41973 involves switching from
/dev/shm to systemd-tmpfiles (/run/multipath-tools).
If you have previously accesssed /dev/shm directly, please update your
setup to the new path to facilitate this change.
CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to
obtain root access, as exploited in conjunction with CVE-2022-41974.
Local users able to access /dev/shm can change symlinks in multipathd
due to incorrect symlink handling, which could lead to controlled file
writes outside of the /dev/shm directory. This could be used indirectly
for local privilege escalation to root.
CVE-2022-41974
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to
obtain root access, as exploited alone or in conjunction with
CVE-2022-41973. Local users able to write to UNIX domain sockets can
bypass access controls and manipulate the multipath setup. This can lead
PREVIOUS
NEXT
Package: multipath-tools
Version: 0.7.9-3+deb10u2
CVE ID: CVE-2022-41973 CVE-2022-41974
Debian Bug: 1022742
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!