Headline
RHSA-2023:2459: Red Hat Security Advisory: device-mapper-multipath security and bug fix update
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Synopsis
Moderate: device-mapper-multipath security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
Security Fix(es):
- device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2123894 - CVE-2022-41973 device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
- BZ - 2125357 - when running iscsiadm login and quick logout the logout didn’t run as expected
- BZ - 2141860 - Race condition causes kpartx to create a dm device which uses itself as part of the target, creating an infinite recursion
- BZ - 2143125 - path selector “io-affinity” does not work on RHEL9.2
- BZ - 2145225 - multipath doesn’t verify the argument count in config option strings it passes to the kernel
- BZ - 2166467 - multipath devices that need both a table reload and a rename only get renamed on multipathd startup
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
device-mapper-multipath-0.8.7-20.el9.src.rpm
SHA-256: 8856a7b29d90367c1a2659c5c6af5d1f55f8091f7ae641ee35df8b9da30a3069
x86_64
device-mapper-multipath-0.8.7-20.el9.x86_64.rpm
SHA-256: be7582b39edc1ded644d69c75d7333e4d109effbd1bd013973d08afb7b1661b5
device-mapper-multipath-debuginfo-0.8.7-20.el9.i686.rpm
SHA-256: c0818218c1dc67842ea63c7f58edd750483f04ce18f631bd98e3f34f020093e1
device-mapper-multipath-debuginfo-0.8.7-20.el9.x86_64.rpm
SHA-256: ba85a7286dca68ad8c941cc4811d88963c3314f2d10582c51ab142be39794701
device-mapper-multipath-debugsource-0.8.7-20.el9.i686.rpm
SHA-256: b1d337efc571e9f7f21e6209871a0c8e44718065d89a0e79fe304febf5e2dc98
device-mapper-multipath-debugsource-0.8.7-20.el9.x86_64.rpm
SHA-256: 6eca8d1a11d8ec1b4c3358466cd3a2d74fc711572030301e355213ab9eadf631
device-mapper-multipath-libs-0.8.7-20.el9.i686.rpm
SHA-256: 3c931531ae832965b286e986b8e4263d9962980ab74ac522f91841699741f60c
device-mapper-multipath-libs-0.8.7-20.el9.x86_64.rpm
SHA-256: 3a1f26bac582511ff9f6ffd029dde158f58b17dae7bd0cbc8e13eca50a2fa3f3
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.i686.rpm
SHA-256: 9375565ac2988a9cb5af2a09c910cbad120bdf7ea99e27b14a31c170ad0d8f69
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.x86_64.rpm
SHA-256: 744c4cbd862712317e83841a938ec3b63cdfc3d2c94674dcc88bc3139e656162
kpartx-0.8.7-20.el9.x86_64.rpm
SHA-256: eec85aa43fddce03ff4b5a59ef6b188f5d1fff3a0b8a0c350ccf4416eaa7aba0
kpartx-debuginfo-0.8.7-20.el9.i686.rpm
SHA-256: 7d098e40cb734d714c9f57bdc27f1e8cba3552a3fa1885c212607d83f96dac3d
kpartx-debuginfo-0.8.7-20.el9.x86_64.rpm
SHA-256: e83f646e088b1ba213ef269fceadd339effd3c1a2af331603c74fcc1b57f5e3c
libdmmp-debuginfo-0.8.7-20.el9.i686.rpm
SHA-256: 4789f2685ec13e8ac17c1204824748bfcd0fe9f23f1d76ae736422165222fac8
libdmmp-debuginfo-0.8.7-20.el9.x86_64.rpm
SHA-256: 0bb92b0108a9f90343bcf1f343f8b0e9fc08d8b222a3fcd562c042d747b05bd4
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
device-mapper-multipath-0.8.7-20.el9.src.rpm
SHA-256: 8856a7b29d90367c1a2659c5c6af5d1f55f8091f7ae641ee35df8b9da30a3069
s390x
device-mapper-multipath-0.8.7-20.el9.s390x.rpm
SHA-256: ec3508bd7a27fcbc0b9fd3d4f7d081d1592a52e21409a4ea50a614e129f7bd14
device-mapper-multipath-debuginfo-0.8.7-20.el9.s390x.rpm
SHA-256: 3bdc16cbb9d3fc929049866e35c04dc4477ffbdb58c144d03cdd9e778d9fea92
device-mapper-multipath-debugsource-0.8.7-20.el9.s390x.rpm
SHA-256: ff14036c844f94ad8cf1c0d9b0929236a3dc269762593dec53cd9eaf4db89968
device-mapper-multipath-libs-0.8.7-20.el9.s390x.rpm
SHA-256: 644ce12948aeba556c229a4da9537c37dc695025e6a49cb51c768d241549785f
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.s390x.rpm
SHA-256: 912f31f24856b7af92f725768f1d4d41d0d783d266e14e644b80696d32b689f5
kpartx-0.8.7-20.el9.s390x.rpm
SHA-256: 9fe145fe4757f846bc6fa6b408807fc5ff7e355188eb945f06e0906328a94b96
kpartx-debuginfo-0.8.7-20.el9.s390x.rpm
SHA-256: adcb2e92c4555bb7bef6c3109cf1c45b5cae10b660f0f88119c08cc63d3fd6bb
libdmmp-debuginfo-0.8.7-20.el9.s390x.rpm
SHA-256: 04d78f2131f3540d9fd75bcb995c25f658346af13a3f136aa862766ae08b8a78
Red Hat Enterprise Linux for Power, little endian 9
SRPM
device-mapper-multipath-0.8.7-20.el9.src.rpm
SHA-256: 8856a7b29d90367c1a2659c5c6af5d1f55f8091f7ae641ee35df8b9da30a3069
ppc64le
device-mapper-multipath-0.8.7-20.el9.ppc64le.rpm
SHA-256: 44829776010811bcd19d1f3520c9882260c674eef615819ad9aefd936d9bdbe4
device-mapper-multipath-debuginfo-0.8.7-20.el9.ppc64le.rpm
SHA-256: b7b036f89046c96cb54f35ddd91055affc4db2a8fa6dac084748dec3b0b4939d
device-mapper-multipath-debugsource-0.8.7-20.el9.ppc64le.rpm
SHA-256: e81bb72b1efdb2d31055f85c728c6cc7d57a5384bf2ec58f563d039b72e9968b
device-mapper-multipath-libs-0.8.7-20.el9.ppc64le.rpm
SHA-256: 0bae2c1617db60e98fa84efcfcbea6d8e78164e65b90fdf9f80e36453e1419bb
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.ppc64le.rpm
SHA-256: 5a4f86751209312af2c8c2782bf9193bbee2c249ac5fe0cc0102f5e46ac808a9
kpartx-0.8.7-20.el9.ppc64le.rpm
SHA-256: 92e613aa2d25ba6a8158b6c930fc4ad1a6df417edde086fe1ae34fd8590f2554
kpartx-debuginfo-0.8.7-20.el9.ppc64le.rpm
SHA-256: c2cf10adc7536c8ca2f004efeabcaa155146f24f07ddce7984d92be7a55008ce
libdmmp-debuginfo-0.8.7-20.el9.ppc64le.rpm
SHA-256: c6b48e148fb4c84a4fdd22d958826e0cfdd7ed6bf0a20bdd3beb6b18d02670ec
Red Hat Enterprise Linux for ARM 64 9
SRPM
device-mapper-multipath-0.8.7-20.el9.src.rpm
SHA-256: 8856a7b29d90367c1a2659c5c6af5d1f55f8091f7ae641ee35df8b9da30a3069
aarch64
device-mapper-multipath-0.8.7-20.el9.aarch64.rpm
SHA-256: f5d7b95450caf8326e22af7694c04552b47c4d1af079fbe2ebfe0a626c58d559
device-mapper-multipath-debuginfo-0.8.7-20.el9.aarch64.rpm
SHA-256: 6198db1f7a6aba6c0748d0ba0dabffa3dd2062cce0a71795808864ce6f776092
device-mapper-multipath-debugsource-0.8.7-20.el9.aarch64.rpm
SHA-256: c4eb313c4f9479c6e42adabef64d859b5c2d5c3190aed507d089efed2d2e05d4
device-mapper-multipath-libs-0.8.7-20.el9.aarch64.rpm
SHA-256: 417815470f2a16ae600b171299a4c115d0df05fe9d0c7578858b78028f581d72
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.aarch64.rpm
SHA-256: 2f99e62d39a4a20323f4240f8574f91abd422c5883648162edc3eeec2637167b
kpartx-0.8.7-20.el9.aarch64.rpm
SHA-256: 03ae6957d96aa19fd60a35016188400af9bbb20e06a4e4a80ad8e4e5ad1c2a61
kpartx-debuginfo-0.8.7-20.el9.aarch64.rpm
SHA-256: 15f528dd40e8951d0a7205676c650dd0c533efc93fb5e7e23899c94d042c9a0b
libdmmp-debuginfo-0.8.7-20.el9.aarch64.rpm
SHA-256: 070636766f6884c64d667d74027adb4405e64fccaee8a9fc098707747d9beabb
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
device-mapper-multipath-debuginfo-0.8.7-20.el9.i686.rpm
SHA-256: c0818218c1dc67842ea63c7f58edd750483f04ce18f631bd98e3f34f020093e1
device-mapper-multipath-debuginfo-0.8.7-20.el9.x86_64.rpm
SHA-256: ba85a7286dca68ad8c941cc4811d88963c3314f2d10582c51ab142be39794701
device-mapper-multipath-debugsource-0.8.7-20.el9.i686.rpm
SHA-256: b1d337efc571e9f7f21e6209871a0c8e44718065d89a0e79fe304febf5e2dc98
device-mapper-multipath-debugsource-0.8.7-20.el9.x86_64.rpm
SHA-256: 6eca8d1a11d8ec1b4c3358466cd3a2d74fc711572030301e355213ab9eadf631
device-mapper-multipath-devel-0.8.7-20.el9.i686.rpm
SHA-256: b24ff60462ae637be3a57959da04815c2be36868dd9232151b46b16fd69964fa
device-mapper-multipath-devel-0.8.7-20.el9.x86_64.rpm
SHA-256: bbcabb170f1361e7b86a21225017ce60cd1607b826c7066728b08f01a48c35bc
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.i686.rpm
SHA-256: 9375565ac2988a9cb5af2a09c910cbad120bdf7ea99e27b14a31c170ad0d8f69
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.x86_64.rpm
SHA-256: 744c4cbd862712317e83841a938ec3b63cdfc3d2c94674dcc88bc3139e656162
kpartx-debuginfo-0.8.7-20.el9.i686.rpm
SHA-256: 7d098e40cb734d714c9f57bdc27f1e8cba3552a3fa1885c212607d83f96dac3d
kpartx-debuginfo-0.8.7-20.el9.x86_64.rpm
SHA-256: e83f646e088b1ba213ef269fceadd339effd3c1a2af331603c74fcc1b57f5e3c
libdmmp-debuginfo-0.8.7-20.el9.i686.rpm
SHA-256: 4789f2685ec13e8ac17c1204824748bfcd0fe9f23f1d76ae736422165222fac8
libdmmp-debuginfo-0.8.7-20.el9.x86_64.rpm
SHA-256: 0bb92b0108a9f90343bcf1f343f8b0e9fc08d8b222a3fcd562c042d747b05bd4
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
device-mapper-multipath-debuginfo-0.8.7-20.el9.ppc64le.rpm
SHA-256: b7b036f89046c96cb54f35ddd91055affc4db2a8fa6dac084748dec3b0b4939d
device-mapper-multipath-debugsource-0.8.7-20.el9.ppc64le.rpm
SHA-256: e81bb72b1efdb2d31055f85c728c6cc7d57a5384bf2ec58f563d039b72e9968b
device-mapper-multipath-devel-0.8.7-20.el9.ppc64le.rpm
SHA-256: 024926cb3be8360cc1fad2778f17e27d2ef62efbb98df7d38e99412a84215027
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.ppc64le.rpm
SHA-256: 5a4f86751209312af2c8c2782bf9193bbee2c249ac5fe0cc0102f5e46ac808a9
kpartx-debuginfo-0.8.7-20.el9.ppc64le.rpm
SHA-256: c2cf10adc7536c8ca2f004efeabcaa155146f24f07ddce7984d92be7a55008ce
libdmmp-debuginfo-0.8.7-20.el9.ppc64le.rpm
SHA-256: c6b48e148fb4c84a4fdd22d958826e0cfdd7ed6bf0a20bdd3beb6b18d02670ec
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
device-mapper-multipath-debuginfo-0.8.7-20.el9.aarch64.rpm
SHA-256: 6198db1f7a6aba6c0748d0ba0dabffa3dd2062cce0a71795808864ce6f776092
device-mapper-multipath-debugsource-0.8.7-20.el9.aarch64.rpm
SHA-256: c4eb313c4f9479c6e42adabef64d859b5c2d5c3190aed507d089efed2d2e05d4
device-mapper-multipath-devel-0.8.7-20.el9.aarch64.rpm
SHA-256: 019d64d19085c9ea01af15a6018cecc4ea2d20f84bd7cd70930a5ce920c7b2bf
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.aarch64.rpm
SHA-256: 2f99e62d39a4a20323f4240f8574f91abd422c5883648162edc3eeec2637167b
kpartx-debuginfo-0.8.7-20.el9.aarch64.rpm
SHA-256: 15f528dd40e8951d0a7205676c650dd0c533efc93fb5e7e23899c94d042c9a0b
libdmmp-debuginfo-0.8.7-20.el9.aarch64.rpm
SHA-256: 070636766f6884c64d667d74027adb4405e64fccaee8a9fc098707747d9beabb
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
device-mapper-multipath-debuginfo-0.8.7-20.el9.s390x.rpm
SHA-256: 3bdc16cbb9d3fc929049866e35c04dc4477ffbdb58c144d03cdd9e778d9fea92
device-mapper-multipath-debugsource-0.8.7-20.el9.s390x.rpm
SHA-256: ff14036c844f94ad8cf1c0d9b0929236a3dc269762593dec53cd9eaf4db89968
device-mapper-multipath-devel-0.8.7-20.el9.s390x.rpm
SHA-256: 4bfed0f4e192bdb096887b6efccd9aa85a8292919b9817dfaa2d96f5817f576e
device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.s390x.rpm
SHA-256: 912f31f24856b7af92f725768f1d4d41d0d783d266e14e644b80696d32b689f5
kpartx-debuginfo-0.8.7-20.el9.s390x.rpm
SHA-256: adcb2e92c4555bb7bef6c3109cf1c45b5cae10b660f0f88119c08cc63d3fd6bb
libdmmp-debuginfo-0.8.7-20.el9.s390x.rpm
SHA-256: 04d78f2131f3540d9fd75bcb995c25f658346af13a3f136aa862766ae08b8a78
Related news
Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host o...
Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a ho...
Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...
Red Hat Security Advisory 2023-2948-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include an insecure handling vulnerability.
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of th...
Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "
Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.