Headline
Red Hat Security Advisory 2023-2948-01
Red Hat Security Advisory 2023-2948-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include an insecure handling vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: device-mapper-multipath security and bug fix update
Advisory ID: RHSA-2023:2948-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2948
Issue date: 2023-05-16
CVE Names: CVE-2022-41973
====================================================================
- Summary:
An update for device-mapper-multipath is now available for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The device-mapper-multipath packages provide tools that use the
device-mapper multipath kernel module to manage multipath devices.
Security Fix(es):
- device-mapper-multipath: multipathd: insecure handling of files in
/dev/shm leading to symlink attack (CVE-2022-41973)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2110485 - when running iscsiadm login and quick logout the logout didn’t run as expected
2123446 - [RHEL8.4] system hung at Started cancel waiting for multipath siblings of x [rhel-8.8.0]
2123894 - CVE-2022-41973 device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
2126714 - Multipath segfault after running newest patched version
2128885 - Race condition causes kpartx to create a dm device which uses itself as part of the target, creating an infinite recursion
2141996 - There is no historical-service-time path selector in multipath.conf man page
2155560 - multipath doesn’t verify the argument count in config option strings it passes to the kernel
2166468 - multipath devices that need both a table reload and a rename only get renamed on multipathd startup
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
device-mapper-multipath-0.8.4-37.el8.src.rpm
aarch64:
device-mapper-multipath-0.8.4-37.el8.aarch64.rpm
device-mapper-multipath-debuginfo-0.8.4-37.el8.aarch64.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.aarch64.rpm
device-mapper-multipath-libs-0.8.4-37.el8.aarch64.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.aarch64.rpm
kpartx-0.8.4-37.el8.aarch64.rpm
kpartx-debuginfo-0.8.4-37.el8.aarch64.rpm
libdmmp-0.8.4-37.el8.aarch64.rpm
libdmmp-debuginfo-0.8.4-37.el8.aarch64.rpm
ppc64le:
device-mapper-multipath-0.8.4-37.el8.ppc64le.rpm
device-mapper-multipath-debuginfo-0.8.4-37.el8.ppc64le.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.ppc64le.rpm
device-mapper-multipath-libs-0.8.4-37.el8.ppc64le.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.ppc64le.rpm
kpartx-0.8.4-37.el8.ppc64le.rpm
kpartx-debuginfo-0.8.4-37.el8.ppc64le.rpm
libdmmp-0.8.4-37.el8.ppc64le.rpm
libdmmp-debuginfo-0.8.4-37.el8.ppc64le.rpm
s390x:
device-mapper-multipath-0.8.4-37.el8.s390x.rpm
device-mapper-multipath-debuginfo-0.8.4-37.el8.s390x.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.s390x.rpm
device-mapper-multipath-libs-0.8.4-37.el8.s390x.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.s390x.rpm
kpartx-0.8.4-37.el8.s390x.rpm
kpartx-debuginfo-0.8.4-37.el8.s390x.rpm
libdmmp-0.8.4-37.el8.s390x.rpm
libdmmp-debuginfo-0.8.4-37.el8.s390x.rpm
x86_64:
device-mapper-multipath-0.8.4-37.el8.x86_64.rpm
device-mapper-multipath-debuginfo-0.8.4-37.el8.i686.rpm
device-mapper-multipath-debuginfo-0.8.4-37.el8.x86_64.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.i686.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.x86_64.rpm
device-mapper-multipath-libs-0.8.4-37.el8.i686.rpm
device-mapper-multipath-libs-0.8.4-37.el8.x86_64.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.i686.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.x86_64.rpm
kpartx-0.8.4-37.el8.x86_64.rpm
kpartx-debuginfo-0.8.4-37.el8.i686.rpm
kpartx-debuginfo-0.8.4-37.el8.x86_64.rpm
libdmmp-0.8.4-37.el8.i686.rpm
libdmmp-0.8.4-37.el8.x86_64.rpm
libdmmp-debuginfo-0.8.4-37.el8.i686.rpm
libdmmp-debuginfo-0.8.4-37.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
device-mapper-multipath-debuginfo-0.8.4-37.el8.aarch64.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.aarch64.rpm
device-mapper-multipath-devel-0.8.4-37.el8.aarch64.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.aarch64.rpm
kpartx-debuginfo-0.8.4-37.el8.aarch64.rpm
libdmmp-debuginfo-0.8.4-37.el8.aarch64.rpm
ppc64le:
device-mapper-multipath-debuginfo-0.8.4-37.el8.ppc64le.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.ppc64le.rpm
device-mapper-multipath-devel-0.8.4-37.el8.ppc64le.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.ppc64le.rpm
kpartx-debuginfo-0.8.4-37.el8.ppc64le.rpm
libdmmp-debuginfo-0.8.4-37.el8.ppc64le.rpm
s390x:
device-mapper-multipath-debuginfo-0.8.4-37.el8.s390x.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.s390x.rpm
device-mapper-multipath-devel-0.8.4-37.el8.s390x.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.s390x.rpm
kpartx-debuginfo-0.8.4-37.el8.s390x.rpm
libdmmp-debuginfo-0.8.4-37.el8.s390x.rpm
x86_64:
device-mapper-multipath-debuginfo-0.8.4-37.el8.i686.rpm
device-mapper-multipath-debuginfo-0.8.4-37.el8.x86_64.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.i686.rpm
device-mapper-multipath-debugsource-0.8.4-37.el8.x86_64.rpm
device-mapper-multipath-devel-0.8.4-37.el8.i686.rpm
device-mapper-multipath-devel-0.8.4-37.el8.x86_64.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.i686.rpm
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.x86_64.rpm
kpartx-debuginfo-0.8.4-37.el8.i686.rpm
kpartx-debuginfo-0.8.4-37.el8.x86_64.rpm
libdmmp-debuginfo-0.8.4-37.el8.i686.rpm
libdmmp-debuginfo-0.8.4-37.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-41973
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZGNurtzjgjWX9erEAQh1NBAAjFEezuYNzkff7HhFepe9UFCcgjFd6G4K
3xgCjuaECViFZMNtRwoasbVVSez9ZTARyq+uDXVi8B/YbpBYNwh7700BD9ySiqBZ
0ISV00BUXTu957vIiuQxJaKI4tX4dcllllRyN5TW29Ura3bzsYKaNUlx3sypw7oS
6qcJ+PKrg+DA9+SkfF27EEHilEp6ob/lD58Fbp8rtzfexsY0c1/qr0xOr/84oBfN
GHGQvPjM6ofpYZemz4ANkqTaoX5PXpYmSzJXQwzuT54pejckliAni8PyhQ1Ev9/y
dEb/hFnhQkZMW01xqg/tLXSo088IdyQ4WmmKfhRQBT/yvr3VapX555SrBGS+TzgA
3w+u9CSKH3dDvU3xIei1+LdPvc1mZsyXTS70GD4OnPYdHlVLpDKMeJpZN9gX0WY5
+pu4oMlQoF8KcGW9K3EV56C5k6oF+jOvC4ri/MN3zVxeMk3c8PpyjavWyVsIsuQQ
kzavaqKSZ4reMURpSx0ydBd/AsnXbCXuir6exaUNXJBtZsK097vKZDCkxR9N1Gqa
eTd5DzjaB4THLwDpaOK83IF3GzFDPxqE5okd5nGjP8qsfKHloCrUiHlmK/zkBL8t
615pqJrZu9AgN40da6VWpRNdjPg6S+hh7HnwFln3T2YD557QT4OfNTiindWh+kn1
SeixpAMu2Cc=rOow
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host o...
Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a ho...
Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of th...
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of th...
Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "
Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.