Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:2459: Red Hat Security Advisory: device-mapper-multipath security and bug fix update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Red Hat Security Data
#vulnerability#linux#red_hat#ibm

Synopsis

Moderate: device-mapper-multipath security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

  • device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2123894 - CVE-2022-41973 device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
  • BZ - 2125357 - when running iscsiadm login and quick logout the logout didn’t run as expected
  • BZ - 2141860 - Race condition causes kpartx to create a dm device which uses itself as part of the target, creating an infinite recursion
  • BZ - 2143125 - path selector “io-affinity” does not work on RHEL9.2
  • BZ - 2145225 - multipath doesn’t verify the argument count in config option strings it passes to the kernel
  • BZ - 2166467 - multipath devices that need both a table reload and a rename only get renamed on multipathd startup

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

device-mapper-multipath-0.8.7-20.el9.src.rpm

SHA-256: 8856a7b29d90367c1a2659c5c6af5d1f55f8091f7ae641ee35df8b9da30a3069

x86_64

device-mapper-multipath-0.8.7-20.el9.x86_64.rpm

SHA-256: be7582b39edc1ded644d69c75d7333e4d109effbd1bd013973d08afb7b1661b5

device-mapper-multipath-debuginfo-0.8.7-20.el9.i686.rpm

SHA-256: c0818218c1dc67842ea63c7f58edd750483f04ce18f631bd98e3f34f020093e1

device-mapper-multipath-debuginfo-0.8.7-20.el9.x86_64.rpm

SHA-256: ba85a7286dca68ad8c941cc4811d88963c3314f2d10582c51ab142be39794701

device-mapper-multipath-debugsource-0.8.7-20.el9.i686.rpm

SHA-256: b1d337efc571e9f7f21e6209871a0c8e44718065d89a0e79fe304febf5e2dc98

device-mapper-multipath-debugsource-0.8.7-20.el9.x86_64.rpm

SHA-256: 6eca8d1a11d8ec1b4c3358466cd3a2d74fc711572030301e355213ab9eadf631

device-mapper-multipath-libs-0.8.7-20.el9.i686.rpm

SHA-256: 3c931531ae832965b286e986b8e4263d9962980ab74ac522f91841699741f60c

device-mapper-multipath-libs-0.8.7-20.el9.x86_64.rpm

SHA-256: 3a1f26bac582511ff9f6ffd029dde158f58b17dae7bd0cbc8e13eca50a2fa3f3

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.i686.rpm

SHA-256: 9375565ac2988a9cb5af2a09c910cbad120bdf7ea99e27b14a31c170ad0d8f69

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.x86_64.rpm

SHA-256: 744c4cbd862712317e83841a938ec3b63cdfc3d2c94674dcc88bc3139e656162

kpartx-0.8.7-20.el9.x86_64.rpm

SHA-256: eec85aa43fddce03ff4b5a59ef6b188f5d1fff3a0b8a0c350ccf4416eaa7aba0

kpartx-debuginfo-0.8.7-20.el9.i686.rpm

SHA-256: 7d098e40cb734d714c9f57bdc27f1e8cba3552a3fa1885c212607d83f96dac3d

kpartx-debuginfo-0.8.7-20.el9.x86_64.rpm

SHA-256: e83f646e088b1ba213ef269fceadd339effd3c1a2af331603c74fcc1b57f5e3c

libdmmp-debuginfo-0.8.7-20.el9.i686.rpm

SHA-256: 4789f2685ec13e8ac17c1204824748bfcd0fe9f23f1d76ae736422165222fac8

libdmmp-debuginfo-0.8.7-20.el9.x86_64.rpm

SHA-256: 0bb92b0108a9f90343bcf1f343f8b0e9fc08d8b222a3fcd562c042d747b05bd4

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

device-mapper-multipath-0.8.7-20.el9.src.rpm

SHA-256: 8856a7b29d90367c1a2659c5c6af5d1f55f8091f7ae641ee35df8b9da30a3069

s390x

device-mapper-multipath-0.8.7-20.el9.s390x.rpm

SHA-256: ec3508bd7a27fcbc0b9fd3d4f7d081d1592a52e21409a4ea50a614e129f7bd14

device-mapper-multipath-debuginfo-0.8.7-20.el9.s390x.rpm

SHA-256: 3bdc16cbb9d3fc929049866e35c04dc4477ffbdb58c144d03cdd9e778d9fea92

device-mapper-multipath-debugsource-0.8.7-20.el9.s390x.rpm

SHA-256: ff14036c844f94ad8cf1c0d9b0929236a3dc269762593dec53cd9eaf4db89968

device-mapper-multipath-libs-0.8.7-20.el9.s390x.rpm

SHA-256: 644ce12948aeba556c229a4da9537c37dc695025e6a49cb51c768d241549785f

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.s390x.rpm

SHA-256: 912f31f24856b7af92f725768f1d4d41d0d783d266e14e644b80696d32b689f5

kpartx-0.8.7-20.el9.s390x.rpm

SHA-256: 9fe145fe4757f846bc6fa6b408807fc5ff7e355188eb945f06e0906328a94b96

kpartx-debuginfo-0.8.7-20.el9.s390x.rpm

SHA-256: adcb2e92c4555bb7bef6c3109cf1c45b5cae10b660f0f88119c08cc63d3fd6bb

libdmmp-debuginfo-0.8.7-20.el9.s390x.rpm

SHA-256: 04d78f2131f3540d9fd75bcb995c25f658346af13a3f136aa862766ae08b8a78

Red Hat Enterprise Linux for Power, little endian 9

SRPM

device-mapper-multipath-0.8.7-20.el9.src.rpm

SHA-256: 8856a7b29d90367c1a2659c5c6af5d1f55f8091f7ae641ee35df8b9da30a3069

ppc64le

device-mapper-multipath-0.8.7-20.el9.ppc64le.rpm

SHA-256: 44829776010811bcd19d1f3520c9882260c674eef615819ad9aefd936d9bdbe4

device-mapper-multipath-debuginfo-0.8.7-20.el9.ppc64le.rpm

SHA-256: b7b036f89046c96cb54f35ddd91055affc4db2a8fa6dac084748dec3b0b4939d

device-mapper-multipath-debugsource-0.8.7-20.el9.ppc64le.rpm

SHA-256: e81bb72b1efdb2d31055f85c728c6cc7d57a5384bf2ec58f563d039b72e9968b

device-mapper-multipath-libs-0.8.7-20.el9.ppc64le.rpm

SHA-256: 0bae2c1617db60e98fa84efcfcbea6d8e78164e65b90fdf9f80e36453e1419bb

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.ppc64le.rpm

SHA-256: 5a4f86751209312af2c8c2782bf9193bbee2c249ac5fe0cc0102f5e46ac808a9

kpartx-0.8.7-20.el9.ppc64le.rpm

SHA-256: 92e613aa2d25ba6a8158b6c930fc4ad1a6df417edde086fe1ae34fd8590f2554

kpartx-debuginfo-0.8.7-20.el9.ppc64le.rpm

SHA-256: c2cf10adc7536c8ca2f004efeabcaa155146f24f07ddce7984d92be7a55008ce

libdmmp-debuginfo-0.8.7-20.el9.ppc64le.rpm

SHA-256: c6b48e148fb4c84a4fdd22d958826e0cfdd7ed6bf0a20bdd3beb6b18d02670ec

Red Hat Enterprise Linux for ARM 64 9

SRPM

device-mapper-multipath-0.8.7-20.el9.src.rpm

SHA-256: 8856a7b29d90367c1a2659c5c6af5d1f55f8091f7ae641ee35df8b9da30a3069

aarch64

device-mapper-multipath-0.8.7-20.el9.aarch64.rpm

SHA-256: f5d7b95450caf8326e22af7694c04552b47c4d1af079fbe2ebfe0a626c58d559

device-mapper-multipath-debuginfo-0.8.7-20.el9.aarch64.rpm

SHA-256: 6198db1f7a6aba6c0748d0ba0dabffa3dd2062cce0a71795808864ce6f776092

device-mapper-multipath-debugsource-0.8.7-20.el9.aarch64.rpm

SHA-256: c4eb313c4f9479c6e42adabef64d859b5c2d5c3190aed507d089efed2d2e05d4

device-mapper-multipath-libs-0.8.7-20.el9.aarch64.rpm

SHA-256: 417815470f2a16ae600b171299a4c115d0df05fe9d0c7578858b78028f581d72

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.aarch64.rpm

SHA-256: 2f99e62d39a4a20323f4240f8574f91abd422c5883648162edc3eeec2637167b

kpartx-0.8.7-20.el9.aarch64.rpm

SHA-256: 03ae6957d96aa19fd60a35016188400af9bbb20e06a4e4a80ad8e4e5ad1c2a61

kpartx-debuginfo-0.8.7-20.el9.aarch64.rpm

SHA-256: 15f528dd40e8951d0a7205676c650dd0c533efc93fb5e7e23899c94d042c9a0b

libdmmp-debuginfo-0.8.7-20.el9.aarch64.rpm

SHA-256: 070636766f6884c64d667d74027adb4405e64fccaee8a9fc098707747d9beabb

Red Hat CodeReady Linux Builder for x86_64 9

SRPM

x86_64

device-mapper-multipath-debuginfo-0.8.7-20.el9.i686.rpm

SHA-256: c0818218c1dc67842ea63c7f58edd750483f04ce18f631bd98e3f34f020093e1

device-mapper-multipath-debuginfo-0.8.7-20.el9.x86_64.rpm

SHA-256: ba85a7286dca68ad8c941cc4811d88963c3314f2d10582c51ab142be39794701

device-mapper-multipath-debugsource-0.8.7-20.el9.i686.rpm

SHA-256: b1d337efc571e9f7f21e6209871a0c8e44718065d89a0e79fe304febf5e2dc98

device-mapper-multipath-debugsource-0.8.7-20.el9.x86_64.rpm

SHA-256: 6eca8d1a11d8ec1b4c3358466cd3a2d74fc711572030301e355213ab9eadf631

device-mapper-multipath-devel-0.8.7-20.el9.i686.rpm

SHA-256: b24ff60462ae637be3a57959da04815c2be36868dd9232151b46b16fd69964fa

device-mapper-multipath-devel-0.8.7-20.el9.x86_64.rpm

SHA-256: bbcabb170f1361e7b86a21225017ce60cd1607b826c7066728b08f01a48c35bc

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.i686.rpm

SHA-256: 9375565ac2988a9cb5af2a09c910cbad120bdf7ea99e27b14a31c170ad0d8f69

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.x86_64.rpm

SHA-256: 744c4cbd862712317e83841a938ec3b63cdfc3d2c94674dcc88bc3139e656162

kpartx-debuginfo-0.8.7-20.el9.i686.rpm

SHA-256: 7d098e40cb734d714c9f57bdc27f1e8cba3552a3fa1885c212607d83f96dac3d

kpartx-debuginfo-0.8.7-20.el9.x86_64.rpm

SHA-256: e83f646e088b1ba213ef269fceadd339effd3c1a2af331603c74fcc1b57f5e3c

libdmmp-debuginfo-0.8.7-20.el9.i686.rpm

SHA-256: 4789f2685ec13e8ac17c1204824748bfcd0fe9f23f1d76ae736422165222fac8

libdmmp-debuginfo-0.8.7-20.el9.x86_64.rpm

SHA-256: 0bb92b0108a9f90343bcf1f343f8b0e9fc08d8b222a3fcd562c042d747b05bd4

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM

ppc64le

device-mapper-multipath-debuginfo-0.8.7-20.el9.ppc64le.rpm

SHA-256: b7b036f89046c96cb54f35ddd91055affc4db2a8fa6dac084748dec3b0b4939d

device-mapper-multipath-debugsource-0.8.7-20.el9.ppc64le.rpm

SHA-256: e81bb72b1efdb2d31055f85c728c6cc7d57a5384bf2ec58f563d039b72e9968b

device-mapper-multipath-devel-0.8.7-20.el9.ppc64le.rpm

SHA-256: 024926cb3be8360cc1fad2778f17e27d2ef62efbb98df7d38e99412a84215027

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.ppc64le.rpm

SHA-256: 5a4f86751209312af2c8c2782bf9193bbee2c249ac5fe0cc0102f5e46ac808a9

kpartx-debuginfo-0.8.7-20.el9.ppc64le.rpm

SHA-256: c2cf10adc7536c8ca2f004efeabcaa155146f24f07ddce7984d92be7a55008ce

libdmmp-debuginfo-0.8.7-20.el9.ppc64le.rpm

SHA-256: c6b48e148fb4c84a4fdd22d958826e0cfdd7ed6bf0a20bdd3beb6b18d02670ec

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM

aarch64

device-mapper-multipath-debuginfo-0.8.7-20.el9.aarch64.rpm

SHA-256: 6198db1f7a6aba6c0748d0ba0dabffa3dd2062cce0a71795808864ce6f776092

device-mapper-multipath-debugsource-0.8.7-20.el9.aarch64.rpm

SHA-256: c4eb313c4f9479c6e42adabef64d859b5c2d5c3190aed507d089efed2d2e05d4

device-mapper-multipath-devel-0.8.7-20.el9.aarch64.rpm

SHA-256: 019d64d19085c9ea01af15a6018cecc4ea2d20f84bd7cd70930a5ce920c7b2bf

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.aarch64.rpm

SHA-256: 2f99e62d39a4a20323f4240f8574f91abd422c5883648162edc3eeec2637167b

kpartx-debuginfo-0.8.7-20.el9.aarch64.rpm

SHA-256: 15f528dd40e8951d0a7205676c650dd0c533efc93fb5e7e23899c94d042c9a0b

libdmmp-debuginfo-0.8.7-20.el9.aarch64.rpm

SHA-256: 070636766f6884c64d667d74027adb4405e64fccaee8a9fc098707747d9beabb

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM

s390x

device-mapper-multipath-debuginfo-0.8.7-20.el9.s390x.rpm

SHA-256: 3bdc16cbb9d3fc929049866e35c04dc4477ffbdb58c144d03cdd9e778d9fea92

device-mapper-multipath-debugsource-0.8.7-20.el9.s390x.rpm

SHA-256: ff14036c844f94ad8cf1c0d9b0929236a3dc269762593dec53cd9eaf4db89968

device-mapper-multipath-devel-0.8.7-20.el9.s390x.rpm

SHA-256: 4bfed0f4e192bdb096887b6efccd9aa85a8292919b9817dfaa2d96f5817f576e

device-mapper-multipath-libs-debuginfo-0.8.7-20.el9.s390x.rpm

SHA-256: 912f31f24856b7af92f725768f1d4d41d0d783d266e14e644b80696d32b689f5

kpartx-debuginfo-0.8.7-20.el9.s390x.rpm

SHA-256: adcb2e92c4555bb7bef6c3109cf1c45b5cae10b660f0f88119c08cc63d3fd6bb

libdmmp-debuginfo-0.8.7-20.el9.s390x.rpm

SHA-256: 04d78f2131f3540d9fd75bcb995c25f658346af13a3f136aa862766ae08b8a78

Related news

Gentoo Linux Security Advisory 202311-06

Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:3353: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.9 security fixes and container updates

Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host o...

Red Hat Security Advisory 2023-3325-01

Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:3325: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.7 security fixes and container updates

Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a ho...

Red Hat Security Advisory 2023-3296-01

Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:3296: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates

Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...

Red Hat Security Advisory 2023-2948-01

Red Hat Security Advisory 2023-2948-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include an insecure handling vulnerability.

RHSA-2023:2948: Red Hat Security Advisory: device-mapper-multipath security and bug fix update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of th...

Debian Security Advisory 5366-1

Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.

snap-confine must_mkdir_and_open_with_perms() Race Condition

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "

Ubuntu Security Notice USN-5731-1

Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.

Leeloo Multipath Authorization Bypass / Symlink Attack

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.

CVE-2022-41973: Release 0.9.2: Merge pull request #46 from openSUSE/queue · opensvc/multipath-tools

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.