CVE-2022-41974

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-41974
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41974.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41974
Related
Published
2022-10-29T19:15:10Z
Modified
2024-10-12T10:12:53.602284Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

References

Affected packages

Debian:11 / multipath-tools

Package

Name
multipath-tools
Purl
pkg:deb/debian/multipath-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.5-2+deb11u1

Affected versions

0.*

0.8.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / multipath-tools

Package

Name
multipath-tools
Purl
pkg:deb/debian/multipath-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / multipath-tools

Package

Name
multipath-tools
Purl
pkg:deb/debian/multipath-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/opensvc/multipath-tools

Affected ranges

Type
GIT
Repo
https://github.com/opensvc/multipath-tools
Events

Affected versions

0.*

0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.9.0
0.9.1