Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.
63195caeb1700e3984a26a911b340418b6255d4604193db4aa5e182c66a21b28
Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.
449a42da9bb4b8caeb5d67f7cec2a182bd6252f94c98c628487a48466106f6b0
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).
ae9802d4db6010e09c5ca96ad72cd8f9bb70aff4d7af8a1ec00cebd3203d1f95
Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.
092c3af8cb2fa6d019d0f9746a7c7698aa832e8eb4f69aef485c4e5a55611aad
Red Hat Security Advisory 2022-8598-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free vulnerabilities.
87a90dba5877135f592e7fac3e437f62fc8129797e43ffcbcdc48798f34760eb
Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.
9624ae8fb4d6e0770272c04b66838bae629e7de815fff8a5dfa0edc820f31a3a
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
9fd49ad2d42596cc152f6771bcdd491b37e2986a01a0b0cdb2f997469ee1fdec
Red Hat Security Advisory 2022-7191-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
13099de012b04e0632ce15256132ec7c87db4de40f438c17def2ae26e1f15784
Red Hat Security Advisory 2022-7186-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
7199a8c1a05f86f003cb8b38b54be2dc261dbf75835b745ba6b9930cb8462a05
Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
bca824d8b983eea91f25d0299cc2b41860d96575de47c572241cd73a9b0df5eb
Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
c96797a13593c18bf13382ba640630085c4a0bc38281dcbb0c905dca414aec68
Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
3cc6a14b52e3c553b72bfa87a7c08c29b518be4252bd21c78db9405051828138
Red Hat Security Advisory 2022-7188-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
9888b796be413ba372bf4f3f207c1af954c8f71ba9c67b915784484ae8924486