Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.
63195caeb1700e3984a26a911b340418b6255d4604193db4aa5e182c66a21b28Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.
449a42da9bb4b8caeb5d67f7cec2a182bd6252f94c98c628487a48466106f6b0Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).
ae9802d4db6010e09c5ca96ad72cd8f9bb70aff4d7af8a1ec00cebd3203d1f95Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.
092c3af8cb2fa6d019d0f9746a7c7698aa832e8eb4f69aef485c4e5a55611aadRed Hat Security Advisory 2022-8598-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free vulnerabilities.
87a90dba5877135f592e7fac3e437f62fc8129797e43ffcbcdc48798f34760ebUbuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.
9624ae8fb4d6e0770272c04b66838bae629e7de815fff8a5dfa0edc820f31a3aThe Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
9fd49ad2d42596cc152f6771bcdd491b37e2986a01a0b0cdb2f997469ee1fdecRed Hat Security Advisory 2022-7191-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
13099de012b04e0632ce15256132ec7c87db4de40f438c17def2ae26e1f15784Red Hat Security Advisory 2022-7186-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
7199a8c1a05f86f003cb8b38b54be2dc261dbf75835b745ba6b9930cb8462a05Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
bca824d8b983eea91f25d0299cc2b41860d96575de47c572241cd73a9b0df5ebRed Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
c96797a13593c18bf13382ba640630085c4a0bc38281dcbb0c905dca414aec68Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
3cc6a14b52e3c553b72bfa87a7c08c29b518be4252bd21c78db9405051828138Red Hat Security Advisory 2022-7188-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
9888b796be413ba372bf4f3f207c1af954c8f71ba9c67b915784484ae8924486
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed