Headline
RHSA-2023:2948: Red Hat Security Advisory: device-mapper-multipath security and bug fix update
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Synopsis
Moderate: device-mapper-multipath security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
Security Fix(es):
- device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2110485 - when running iscsiadm login and quick logout the logout didn’t run as expected
- BZ - 2123446 - [RHEL8.4] system hung at Started cancel waiting for multipath siblings of x [rhel-8.8.0]
- BZ - 2123894 - CVE-2022-41973 device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
- BZ - 2126714 - Multipath segfault after running newest patched version
- BZ - 2128885 - Race condition causes kpartx to create a dm device which uses itself as part of the target, creating an infinite recursion
- BZ - 2141996 - There is no historical-service-time path selector in multipath.conf man page
- BZ - 2155560 - multipath doesn’t verify the argument count in config option strings it passes to the kernel
- BZ - 2166468 - multipath devices that need both a table reload and a rename only get renamed on multipathd startup
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
device-mapper-multipath-0.8.4-37.el8.src.rpm
SHA-256: ef5e4881451c0d37fdceddeaa37773e7d2f1fede489474df3e50cedf005bbf55
x86_64
device-mapper-multipath-0.8.4-37.el8.x86_64.rpm
SHA-256: a3cb0b2d3be0636954429189ac3f1e1890a4506a2dc8d3292a83354547edfd0a
device-mapper-multipath-debuginfo-0.8.4-37.el8.i686.rpm
SHA-256: c65832d366b76a6a5a9493e55d4c84de726f6fa2f67baed8a4548370b8401ea2
device-mapper-multipath-debuginfo-0.8.4-37.el8.x86_64.rpm
SHA-256: c9c245559d50cdd0e6a311f129fb9d86b9e1c9b864276ea966e9893449337ef8
device-mapper-multipath-debugsource-0.8.4-37.el8.i686.rpm
SHA-256: 53c718f4dc1e3bd3519f6ca15d124d0be906f82c6ac3578040580fa951b00fac
device-mapper-multipath-debugsource-0.8.4-37.el8.x86_64.rpm
SHA-256: f8b00f0aec9dcf3586d717b063fd44873e1f1a3e0811bbe3ca91a51811f836b9
device-mapper-multipath-libs-0.8.4-37.el8.i686.rpm
SHA-256: b2573189018784168cb8f0f84c65f5bc1a1e300ca65851fb0450f003d7ac4e15
device-mapper-multipath-libs-0.8.4-37.el8.x86_64.rpm
SHA-256: 62b914b380cd92d110b1c32db578cb2435dda5780cb32b2ea13da34d6e1b784e
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.i686.rpm
SHA-256: 52dc49f250e714078957530190de87df4ccb1ea3bb4c0d833855e1a01220c6ff
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.x86_64.rpm
SHA-256: 60a97e9859f7f31f6cf462c5937dd8507a095794db1f0e4897ab82abedd8a5b1
kpartx-0.8.4-37.el8.x86_64.rpm
SHA-256: d6aad8c083342b63280caa2760e92fc24e60cf6a573afc4f3171c0b3ed4f55a9
kpartx-debuginfo-0.8.4-37.el8.i686.rpm
SHA-256: b77c54270cbd2afdb67cc8878bc25cc598ed5260b229ec7c58ec0c88db11ba6b
kpartx-debuginfo-0.8.4-37.el8.x86_64.rpm
SHA-256: 05f72216513acccf13f8fff5fd09ba8e9bc53fd0d999d1b47b4595eee8610015
libdmmp-0.8.4-37.el8.i686.rpm
SHA-256: 4a54e985f183a718e2b8e7edf5f3fb3cac4a29a6efb43236e0bfdf636f25d9eb
libdmmp-0.8.4-37.el8.x86_64.rpm
SHA-256: 36202b4d4485cc292ecab2131a87b99d6e87077779e8eed709cf1f2c8e6c6401
libdmmp-debuginfo-0.8.4-37.el8.i686.rpm
SHA-256: 982992fa44593f776af082c0d9c757a3809a38ca57a73d90646ca12c448ab29b
libdmmp-debuginfo-0.8.4-37.el8.x86_64.rpm
SHA-256: eec442ca0886a9fc422dbd37ea1e12120951ead5443319efe960860eca8c94b3
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
device-mapper-multipath-0.8.4-37.el8.src.rpm
SHA-256: ef5e4881451c0d37fdceddeaa37773e7d2f1fede489474df3e50cedf005bbf55
s390x
device-mapper-multipath-0.8.4-37.el8.s390x.rpm
SHA-256: ddf2bd99fd89c9f37946f9edf585ca1dad64e9ed608760b009665f671ff78676
device-mapper-multipath-debuginfo-0.8.4-37.el8.s390x.rpm
SHA-256: 424b68a7e4fcf038195f0e9215bf849a9be9a570c1782c8402d87ff118f9af99
device-mapper-multipath-debugsource-0.8.4-37.el8.s390x.rpm
SHA-256: 85308f1b3334e2c43475858304b133f98fa58567086538d8e9e5c788c213457a
device-mapper-multipath-libs-0.8.4-37.el8.s390x.rpm
SHA-256: fa507126bc27e4c101a52004fb6bc1dde6f40b39ba031b314d12e37103f7b340
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.s390x.rpm
SHA-256: f6642214aba766813778d84aa3c53e632c472104626efbcf140fde2664996c25
kpartx-0.8.4-37.el8.s390x.rpm
SHA-256: e4c0f042c004937930a753a914083e19843ec79a33e7e328e599d5d4b1a0f50c
kpartx-debuginfo-0.8.4-37.el8.s390x.rpm
SHA-256: c1f44d168387d3abe20515e947b4a840066e6a0f22e27349bbecd881fb71b63a
libdmmp-0.8.4-37.el8.s390x.rpm
SHA-256: facbd49a8006f9e759b64a803dca697058c609cec0dd18a0b13be545ef8f8b7e
libdmmp-debuginfo-0.8.4-37.el8.s390x.rpm
SHA-256: cfcf3e47701da5d550d6fa661eb260246cf9f9c28bca19ed064abe7f1f58cdde
Red Hat Enterprise Linux for Power, little endian 8
SRPM
device-mapper-multipath-0.8.4-37.el8.src.rpm
SHA-256: ef5e4881451c0d37fdceddeaa37773e7d2f1fede489474df3e50cedf005bbf55
ppc64le
device-mapper-multipath-0.8.4-37.el8.ppc64le.rpm
SHA-256: ec5a78fd773f5e198f63f83d6d77bce2e181c5bb483f1946744fdad05b3b4037
device-mapper-multipath-debuginfo-0.8.4-37.el8.ppc64le.rpm
SHA-256: 2e3fdf92176c8b50e1326bc406b037a6479e0c2de6a55e8b4c3df53efb2eebae
device-mapper-multipath-debugsource-0.8.4-37.el8.ppc64le.rpm
SHA-256: efc3288e3594b5958d482efd78175caab95de882692de66b8860fb16c36759f3
device-mapper-multipath-libs-0.8.4-37.el8.ppc64le.rpm
SHA-256: 23a4d8d7b5f768c82e87928efd8d23bf70b4cd0485d2efc464f170750655b72a
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.ppc64le.rpm
SHA-256: a015d6f2da30ee719de13cfdda2cd2f1b0d4da5ae65bd281e34072c0885c190c
kpartx-0.8.4-37.el8.ppc64le.rpm
SHA-256: da4dd4605494a9f626de5402a70b4895adadfc635cdbc6eac98eac772166020e
kpartx-debuginfo-0.8.4-37.el8.ppc64le.rpm
SHA-256: 48fa7ac900d431e4e373bb0805ad4a7320af45579426182180c1b7bb81a7ea3b
libdmmp-0.8.4-37.el8.ppc64le.rpm
SHA-256: 2dc0e96efa4cc6254f9f1298153a67f0e68c4b95520b6019c8bd47e48264af3a
libdmmp-debuginfo-0.8.4-37.el8.ppc64le.rpm
SHA-256: 6ee92eeb9338121a319e65ffa552d18bde644a9665dc6ff5f3a75bee411ececd
Red Hat Enterprise Linux for ARM 64 8
SRPM
device-mapper-multipath-0.8.4-37.el8.src.rpm
SHA-256: ef5e4881451c0d37fdceddeaa37773e7d2f1fede489474df3e50cedf005bbf55
aarch64
device-mapper-multipath-0.8.4-37.el8.aarch64.rpm
SHA-256: 0a733416fa1c4ad6fce452d7d937e535d14f38ae287b905055ce43ff478e39c6
device-mapper-multipath-debuginfo-0.8.4-37.el8.aarch64.rpm
SHA-256: 8c2316b7b467091f7f3b1784e1b95caa4da59281f92302b931d849499cff239a
device-mapper-multipath-debugsource-0.8.4-37.el8.aarch64.rpm
SHA-256: 74bd9ad8623aacd96ac56a4cd5bd95697fc2d99def8ca01345a3d4271a9f14a8
device-mapper-multipath-libs-0.8.4-37.el8.aarch64.rpm
SHA-256: 80dab283e1b026f7c61262edeb7e0f0438c45254413f522deb88adb10b1d8569
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.aarch64.rpm
SHA-256: 1f7726f1acd8b34e7806433160958b90b8b70841f274d607519d4ff7e0fe38c7
kpartx-0.8.4-37.el8.aarch64.rpm
SHA-256: 0d1465f6e1c81c8e957a05f0f51694abd7a4bda72b7222c70e308fc2adb2a11f
kpartx-debuginfo-0.8.4-37.el8.aarch64.rpm
SHA-256: b08829479bb53736a1b0ba47e7145850e63a4266ee2b30f0e257ad41b0259511
libdmmp-0.8.4-37.el8.aarch64.rpm
SHA-256: 756804d1acda0a274db5fb17702810b85137026d1f6a102a0093a1451b857cf6
libdmmp-debuginfo-0.8.4-37.el8.aarch64.rpm
SHA-256: 0a9fbeb3183e933c7c141c0cc953ae666443ad5839c83b3a92a7acee5035b444
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
device-mapper-multipath-debuginfo-0.8.4-37.el8.i686.rpm
SHA-256: c65832d366b76a6a5a9493e55d4c84de726f6fa2f67baed8a4548370b8401ea2
device-mapper-multipath-debuginfo-0.8.4-37.el8.x86_64.rpm
SHA-256: c9c245559d50cdd0e6a311f129fb9d86b9e1c9b864276ea966e9893449337ef8
device-mapper-multipath-debugsource-0.8.4-37.el8.i686.rpm
SHA-256: 53c718f4dc1e3bd3519f6ca15d124d0be906f82c6ac3578040580fa951b00fac
device-mapper-multipath-debugsource-0.8.4-37.el8.x86_64.rpm
SHA-256: f8b00f0aec9dcf3586d717b063fd44873e1f1a3e0811bbe3ca91a51811f836b9
device-mapper-multipath-devel-0.8.4-37.el8.i686.rpm
SHA-256: af28dff10e322257d2bdfa4763d2e1daaaf64120503e6a31181f5c10c279e650
device-mapper-multipath-devel-0.8.4-37.el8.x86_64.rpm
SHA-256: 057731b1faabda2d7ef4cbbfd9b1f4d38e270cdeafaf5d4c4a5d1571cf75d84a
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.i686.rpm
SHA-256: 52dc49f250e714078957530190de87df4ccb1ea3bb4c0d833855e1a01220c6ff
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.x86_64.rpm
SHA-256: 60a97e9859f7f31f6cf462c5937dd8507a095794db1f0e4897ab82abedd8a5b1
kpartx-debuginfo-0.8.4-37.el8.i686.rpm
SHA-256: b77c54270cbd2afdb67cc8878bc25cc598ed5260b229ec7c58ec0c88db11ba6b
kpartx-debuginfo-0.8.4-37.el8.x86_64.rpm
SHA-256: 05f72216513acccf13f8fff5fd09ba8e9bc53fd0d999d1b47b4595eee8610015
libdmmp-debuginfo-0.8.4-37.el8.i686.rpm
SHA-256: 982992fa44593f776af082c0d9c757a3809a38ca57a73d90646ca12c448ab29b
libdmmp-debuginfo-0.8.4-37.el8.x86_64.rpm
SHA-256: eec442ca0886a9fc422dbd37ea1e12120951ead5443319efe960860eca8c94b3
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
device-mapper-multipath-debuginfo-0.8.4-37.el8.ppc64le.rpm
SHA-256: 2e3fdf92176c8b50e1326bc406b037a6479e0c2de6a55e8b4c3df53efb2eebae
device-mapper-multipath-debugsource-0.8.4-37.el8.ppc64le.rpm
SHA-256: efc3288e3594b5958d482efd78175caab95de882692de66b8860fb16c36759f3
device-mapper-multipath-devel-0.8.4-37.el8.ppc64le.rpm
SHA-256: 8e38bc6a5a3406005f3b8f1aba1d07e354c109a787c35867225cf16644ad0374
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.ppc64le.rpm
SHA-256: a015d6f2da30ee719de13cfdda2cd2f1b0d4da5ae65bd281e34072c0885c190c
kpartx-debuginfo-0.8.4-37.el8.ppc64le.rpm
SHA-256: 48fa7ac900d431e4e373bb0805ad4a7320af45579426182180c1b7bb81a7ea3b
libdmmp-debuginfo-0.8.4-37.el8.ppc64le.rpm
SHA-256: 6ee92eeb9338121a319e65ffa552d18bde644a9665dc6ff5f3a75bee411ececd
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
device-mapper-multipath-debuginfo-0.8.4-37.el8.aarch64.rpm
SHA-256: 8c2316b7b467091f7f3b1784e1b95caa4da59281f92302b931d849499cff239a
device-mapper-multipath-debugsource-0.8.4-37.el8.aarch64.rpm
SHA-256: 74bd9ad8623aacd96ac56a4cd5bd95697fc2d99def8ca01345a3d4271a9f14a8
device-mapper-multipath-devel-0.8.4-37.el8.aarch64.rpm
SHA-256: 923272dda8ba2caa6004bc8df9f7470a8bcc3967627aef8bb61f04d2fd1a4350
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.aarch64.rpm
SHA-256: 1f7726f1acd8b34e7806433160958b90b8b70841f274d607519d4ff7e0fe38c7
kpartx-debuginfo-0.8.4-37.el8.aarch64.rpm
SHA-256: b08829479bb53736a1b0ba47e7145850e63a4266ee2b30f0e257ad41b0259511
libdmmp-debuginfo-0.8.4-37.el8.aarch64.rpm
SHA-256: 0a9fbeb3183e933c7c141c0cc953ae666443ad5839c83b3a92a7acee5035b444
Red Hat CodeReady Linux Builder for IBM z Systems 8
SRPM
s390x
device-mapper-multipath-debuginfo-0.8.4-37.el8.s390x.rpm
SHA-256: 424b68a7e4fcf038195f0e9215bf849a9be9a570c1782c8402d87ff118f9af99
device-mapper-multipath-debugsource-0.8.4-37.el8.s390x.rpm
SHA-256: 85308f1b3334e2c43475858304b133f98fa58567086538d8e9e5c788c213457a
device-mapper-multipath-devel-0.8.4-37.el8.s390x.rpm
SHA-256: dec527eeccbb606a91d2edb9c07f86f087baa5c57fec1f5a22bdb7a38a5a51fa
device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.s390x.rpm
SHA-256: f6642214aba766813778d84aa3c53e632c472104626efbcf140fde2664996c25
kpartx-debuginfo-0.8.4-37.el8.s390x.rpm
SHA-256: c1f44d168387d3abe20515e947b4a840066e6a0f22e27349bbecd881fb71b63a
libdmmp-debuginfo-0.8.4-37.el8.s390x.rpm
SHA-256: cfcf3e47701da5d550d6fa661eb260246cf9f9c28bca19ed064abe7f1f58cdde
Related news
Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host o...
Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...
Red Hat Security Advisory 2023-2948-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include an insecure handling vulnerability.
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of th...
Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "
Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.