Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:2948: Red Hat Security Advisory: device-mapper-multipath security and bug fix update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Red Hat Security Data
#vulnerability#linux#red_hat#ibm

Synopsis

Moderate: device-mapper-multipath security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

  • device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2110485 - when running iscsiadm login and quick logout the logout didn’t run as expected
  • BZ - 2123446 - [RHEL8.4] system hung at Started cancel waiting for multipath siblings of x [rhel-8.8.0]
  • BZ - 2123894 - CVE-2022-41973 device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
  • BZ - 2126714 - Multipath segfault after running newest patched version
  • BZ - 2128885 - Race condition causes kpartx to create a dm device which uses itself as part of the target, creating an infinite recursion
  • BZ - 2141996 - There is no historical-service-time path selector in multipath.conf man page
  • BZ - 2155560 - multipath doesn’t verify the argument count in config option strings it passes to the kernel
  • BZ - 2166468 - multipath devices that need both a table reload and a rename only get renamed on multipathd startup

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Red Hat Enterprise Linux for x86_64 8

SRPM

device-mapper-multipath-0.8.4-37.el8.src.rpm

SHA-256: ef5e4881451c0d37fdceddeaa37773e7d2f1fede489474df3e50cedf005bbf55

x86_64

device-mapper-multipath-0.8.4-37.el8.x86_64.rpm

SHA-256: a3cb0b2d3be0636954429189ac3f1e1890a4506a2dc8d3292a83354547edfd0a

device-mapper-multipath-debuginfo-0.8.4-37.el8.i686.rpm

SHA-256: c65832d366b76a6a5a9493e55d4c84de726f6fa2f67baed8a4548370b8401ea2

device-mapper-multipath-debuginfo-0.8.4-37.el8.x86_64.rpm

SHA-256: c9c245559d50cdd0e6a311f129fb9d86b9e1c9b864276ea966e9893449337ef8

device-mapper-multipath-debugsource-0.8.4-37.el8.i686.rpm

SHA-256: 53c718f4dc1e3bd3519f6ca15d124d0be906f82c6ac3578040580fa951b00fac

device-mapper-multipath-debugsource-0.8.4-37.el8.x86_64.rpm

SHA-256: f8b00f0aec9dcf3586d717b063fd44873e1f1a3e0811bbe3ca91a51811f836b9

device-mapper-multipath-libs-0.8.4-37.el8.i686.rpm

SHA-256: b2573189018784168cb8f0f84c65f5bc1a1e300ca65851fb0450f003d7ac4e15

device-mapper-multipath-libs-0.8.4-37.el8.x86_64.rpm

SHA-256: 62b914b380cd92d110b1c32db578cb2435dda5780cb32b2ea13da34d6e1b784e

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.i686.rpm

SHA-256: 52dc49f250e714078957530190de87df4ccb1ea3bb4c0d833855e1a01220c6ff

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.x86_64.rpm

SHA-256: 60a97e9859f7f31f6cf462c5937dd8507a095794db1f0e4897ab82abedd8a5b1

kpartx-0.8.4-37.el8.x86_64.rpm

SHA-256: d6aad8c083342b63280caa2760e92fc24e60cf6a573afc4f3171c0b3ed4f55a9

kpartx-debuginfo-0.8.4-37.el8.i686.rpm

SHA-256: b77c54270cbd2afdb67cc8878bc25cc598ed5260b229ec7c58ec0c88db11ba6b

kpartx-debuginfo-0.8.4-37.el8.x86_64.rpm

SHA-256: 05f72216513acccf13f8fff5fd09ba8e9bc53fd0d999d1b47b4595eee8610015

libdmmp-0.8.4-37.el8.i686.rpm

SHA-256: 4a54e985f183a718e2b8e7edf5f3fb3cac4a29a6efb43236e0bfdf636f25d9eb

libdmmp-0.8.4-37.el8.x86_64.rpm

SHA-256: 36202b4d4485cc292ecab2131a87b99d6e87077779e8eed709cf1f2c8e6c6401

libdmmp-debuginfo-0.8.4-37.el8.i686.rpm

SHA-256: 982992fa44593f776af082c0d9c757a3809a38ca57a73d90646ca12c448ab29b

libdmmp-debuginfo-0.8.4-37.el8.x86_64.rpm

SHA-256: eec442ca0886a9fc422dbd37ea1e12120951ead5443319efe960860eca8c94b3

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

device-mapper-multipath-0.8.4-37.el8.src.rpm

SHA-256: ef5e4881451c0d37fdceddeaa37773e7d2f1fede489474df3e50cedf005bbf55

s390x

device-mapper-multipath-0.8.4-37.el8.s390x.rpm

SHA-256: ddf2bd99fd89c9f37946f9edf585ca1dad64e9ed608760b009665f671ff78676

device-mapper-multipath-debuginfo-0.8.4-37.el8.s390x.rpm

SHA-256: 424b68a7e4fcf038195f0e9215bf849a9be9a570c1782c8402d87ff118f9af99

device-mapper-multipath-debugsource-0.8.4-37.el8.s390x.rpm

SHA-256: 85308f1b3334e2c43475858304b133f98fa58567086538d8e9e5c788c213457a

device-mapper-multipath-libs-0.8.4-37.el8.s390x.rpm

SHA-256: fa507126bc27e4c101a52004fb6bc1dde6f40b39ba031b314d12e37103f7b340

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.s390x.rpm

SHA-256: f6642214aba766813778d84aa3c53e632c472104626efbcf140fde2664996c25

kpartx-0.8.4-37.el8.s390x.rpm

SHA-256: e4c0f042c004937930a753a914083e19843ec79a33e7e328e599d5d4b1a0f50c

kpartx-debuginfo-0.8.4-37.el8.s390x.rpm

SHA-256: c1f44d168387d3abe20515e947b4a840066e6a0f22e27349bbecd881fb71b63a

libdmmp-0.8.4-37.el8.s390x.rpm

SHA-256: facbd49a8006f9e759b64a803dca697058c609cec0dd18a0b13be545ef8f8b7e

libdmmp-debuginfo-0.8.4-37.el8.s390x.rpm

SHA-256: cfcf3e47701da5d550d6fa661eb260246cf9f9c28bca19ed064abe7f1f58cdde

Red Hat Enterprise Linux for Power, little endian 8

SRPM

device-mapper-multipath-0.8.4-37.el8.src.rpm

SHA-256: ef5e4881451c0d37fdceddeaa37773e7d2f1fede489474df3e50cedf005bbf55

ppc64le

device-mapper-multipath-0.8.4-37.el8.ppc64le.rpm

SHA-256: ec5a78fd773f5e198f63f83d6d77bce2e181c5bb483f1946744fdad05b3b4037

device-mapper-multipath-debuginfo-0.8.4-37.el8.ppc64le.rpm

SHA-256: 2e3fdf92176c8b50e1326bc406b037a6479e0c2de6a55e8b4c3df53efb2eebae

device-mapper-multipath-debugsource-0.8.4-37.el8.ppc64le.rpm

SHA-256: efc3288e3594b5958d482efd78175caab95de882692de66b8860fb16c36759f3

device-mapper-multipath-libs-0.8.4-37.el8.ppc64le.rpm

SHA-256: 23a4d8d7b5f768c82e87928efd8d23bf70b4cd0485d2efc464f170750655b72a

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.ppc64le.rpm

SHA-256: a015d6f2da30ee719de13cfdda2cd2f1b0d4da5ae65bd281e34072c0885c190c

kpartx-0.8.4-37.el8.ppc64le.rpm

SHA-256: da4dd4605494a9f626de5402a70b4895adadfc635cdbc6eac98eac772166020e

kpartx-debuginfo-0.8.4-37.el8.ppc64le.rpm

SHA-256: 48fa7ac900d431e4e373bb0805ad4a7320af45579426182180c1b7bb81a7ea3b

libdmmp-0.8.4-37.el8.ppc64le.rpm

SHA-256: 2dc0e96efa4cc6254f9f1298153a67f0e68c4b95520b6019c8bd47e48264af3a

libdmmp-debuginfo-0.8.4-37.el8.ppc64le.rpm

SHA-256: 6ee92eeb9338121a319e65ffa552d18bde644a9665dc6ff5f3a75bee411ececd

Red Hat Enterprise Linux for ARM 64 8

SRPM

device-mapper-multipath-0.8.4-37.el8.src.rpm

SHA-256: ef5e4881451c0d37fdceddeaa37773e7d2f1fede489474df3e50cedf005bbf55

aarch64

device-mapper-multipath-0.8.4-37.el8.aarch64.rpm

SHA-256: 0a733416fa1c4ad6fce452d7d937e535d14f38ae287b905055ce43ff478e39c6

device-mapper-multipath-debuginfo-0.8.4-37.el8.aarch64.rpm

SHA-256: 8c2316b7b467091f7f3b1784e1b95caa4da59281f92302b931d849499cff239a

device-mapper-multipath-debugsource-0.8.4-37.el8.aarch64.rpm

SHA-256: 74bd9ad8623aacd96ac56a4cd5bd95697fc2d99def8ca01345a3d4271a9f14a8

device-mapper-multipath-libs-0.8.4-37.el8.aarch64.rpm

SHA-256: 80dab283e1b026f7c61262edeb7e0f0438c45254413f522deb88adb10b1d8569

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.aarch64.rpm

SHA-256: 1f7726f1acd8b34e7806433160958b90b8b70841f274d607519d4ff7e0fe38c7

kpartx-0.8.4-37.el8.aarch64.rpm

SHA-256: 0d1465f6e1c81c8e957a05f0f51694abd7a4bda72b7222c70e308fc2adb2a11f

kpartx-debuginfo-0.8.4-37.el8.aarch64.rpm

SHA-256: b08829479bb53736a1b0ba47e7145850e63a4266ee2b30f0e257ad41b0259511

libdmmp-0.8.4-37.el8.aarch64.rpm

SHA-256: 756804d1acda0a274db5fb17702810b85137026d1f6a102a0093a1451b857cf6

libdmmp-debuginfo-0.8.4-37.el8.aarch64.rpm

SHA-256: 0a9fbeb3183e933c7c141c0cc953ae666443ad5839c83b3a92a7acee5035b444

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

device-mapper-multipath-debuginfo-0.8.4-37.el8.i686.rpm

SHA-256: c65832d366b76a6a5a9493e55d4c84de726f6fa2f67baed8a4548370b8401ea2

device-mapper-multipath-debuginfo-0.8.4-37.el8.x86_64.rpm

SHA-256: c9c245559d50cdd0e6a311f129fb9d86b9e1c9b864276ea966e9893449337ef8

device-mapper-multipath-debugsource-0.8.4-37.el8.i686.rpm

SHA-256: 53c718f4dc1e3bd3519f6ca15d124d0be906f82c6ac3578040580fa951b00fac

device-mapper-multipath-debugsource-0.8.4-37.el8.x86_64.rpm

SHA-256: f8b00f0aec9dcf3586d717b063fd44873e1f1a3e0811bbe3ca91a51811f836b9

device-mapper-multipath-devel-0.8.4-37.el8.i686.rpm

SHA-256: af28dff10e322257d2bdfa4763d2e1daaaf64120503e6a31181f5c10c279e650

device-mapper-multipath-devel-0.8.4-37.el8.x86_64.rpm

SHA-256: 057731b1faabda2d7ef4cbbfd9b1f4d38e270cdeafaf5d4c4a5d1571cf75d84a

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.i686.rpm

SHA-256: 52dc49f250e714078957530190de87df4ccb1ea3bb4c0d833855e1a01220c6ff

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.x86_64.rpm

SHA-256: 60a97e9859f7f31f6cf462c5937dd8507a095794db1f0e4897ab82abedd8a5b1

kpartx-debuginfo-0.8.4-37.el8.i686.rpm

SHA-256: b77c54270cbd2afdb67cc8878bc25cc598ed5260b229ec7c58ec0c88db11ba6b

kpartx-debuginfo-0.8.4-37.el8.x86_64.rpm

SHA-256: 05f72216513acccf13f8fff5fd09ba8e9bc53fd0d999d1b47b4595eee8610015

libdmmp-debuginfo-0.8.4-37.el8.i686.rpm

SHA-256: 982992fa44593f776af082c0d9c757a3809a38ca57a73d90646ca12c448ab29b

libdmmp-debuginfo-0.8.4-37.el8.x86_64.rpm

SHA-256: eec442ca0886a9fc422dbd37ea1e12120951ead5443319efe960860eca8c94b3

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM

ppc64le

device-mapper-multipath-debuginfo-0.8.4-37.el8.ppc64le.rpm

SHA-256: 2e3fdf92176c8b50e1326bc406b037a6479e0c2de6a55e8b4c3df53efb2eebae

device-mapper-multipath-debugsource-0.8.4-37.el8.ppc64le.rpm

SHA-256: efc3288e3594b5958d482efd78175caab95de882692de66b8860fb16c36759f3

device-mapper-multipath-devel-0.8.4-37.el8.ppc64le.rpm

SHA-256: 8e38bc6a5a3406005f3b8f1aba1d07e354c109a787c35867225cf16644ad0374

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.ppc64le.rpm

SHA-256: a015d6f2da30ee719de13cfdda2cd2f1b0d4da5ae65bd281e34072c0885c190c

kpartx-debuginfo-0.8.4-37.el8.ppc64le.rpm

SHA-256: 48fa7ac900d431e4e373bb0805ad4a7320af45579426182180c1b7bb81a7ea3b

libdmmp-debuginfo-0.8.4-37.el8.ppc64le.rpm

SHA-256: 6ee92eeb9338121a319e65ffa552d18bde644a9665dc6ff5f3a75bee411ececd

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM

aarch64

device-mapper-multipath-debuginfo-0.8.4-37.el8.aarch64.rpm

SHA-256: 8c2316b7b467091f7f3b1784e1b95caa4da59281f92302b931d849499cff239a

device-mapper-multipath-debugsource-0.8.4-37.el8.aarch64.rpm

SHA-256: 74bd9ad8623aacd96ac56a4cd5bd95697fc2d99def8ca01345a3d4271a9f14a8

device-mapper-multipath-devel-0.8.4-37.el8.aarch64.rpm

SHA-256: 923272dda8ba2caa6004bc8df9f7470a8bcc3967627aef8bb61f04d2fd1a4350

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.aarch64.rpm

SHA-256: 1f7726f1acd8b34e7806433160958b90b8b70841f274d607519d4ff7e0fe38c7

kpartx-debuginfo-0.8.4-37.el8.aarch64.rpm

SHA-256: b08829479bb53736a1b0ba47e7145850e63a4266ee2b30f0e257ad41b0259511

libdmmp-debuginfo-0.8.4-37.el8.aarch64.rpm

SHA-256: 0a9fbeb3183e933c7c141c0cc953ae666443ad5839c83b3a92a7acee5035b444

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM

s390x

device-mapper-multipath-debuginfo-0.8.4-37.el8.s390x.rpm

SHA-256: 424b68a7e4fcf038195f0e9215bf849a9be9a570c1782c8402d87ff118f9af99

device-mapper-multipath-debugsource-0.8.4-37.el8.s390x.rpm

SHA-256: 85308f1b3334e2c43475858304b133f98fa58567086538d8e9e5c788c213457a

device-mapper-multipath-devel-0.8.4-37.el8.s390x.rpm

SHA-256: dec527eeccbb606a91d2edb9c07f86f087baa5c57fec1f5a22bdb7a38a5a51fa

device-mapper-multipath-libs-debuginfo-0.8.4-37.el8.s390x.rpm

SHA-256: f6642214aba766813778d84aa3c53e632c472104626efbcf140fde2664996c25

kpartx-debuginfo-0.8.4-37.el8.s390x.rpm

SHA-256: c1f44d168387d3abe20515e947b4a840066e6a0f22e27349bbecd881fb71b63a

libdmmp-debuginfo-0.8.4-37.el8.s390x.rpm

SHA-256: cfcf3e47701da5d550d6fa661eb260246cf9f9c28bca19ed064abe7f1f58cdde

Related news

Gentoo Linux Security Advisory 202311-06

Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:3353: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.9 security fixes and container updates

Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host o...

Red Hat Security Advisory 2023-3325-01

Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-3296-01

Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:3296: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates

Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...

Red Hat Security Advisory 2023-2948-01

Red Hat Security Advisory 2023-2948-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include an insecure handling vulnerability.

RHSA-2023:2459: Red Hat Security Advisory: device-mapper-multipath security and bug fix update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41973: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of th...

Debian Security Advisory 5366-1

Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.

snap-confine must_mkdir_and_open_with_perms() Race Condition

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "

Ubuntu Security Notice USN-5731-1

Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.

Leeloo Multipath Authorization Bypass / Symlink Attack

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.

CVE-2022-41973: Release 0.9.2: Merge pull request #46 from openSUSE/queue · opensvc/multipath-tools

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.