RLSA-2022:7928

Published: 14 Nov 2022
Source: rocky
Severity: Important

Description

Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

  • device-mapper-multipath: Regression of CVE-2022-41974 fix in Rocky Linux (CVE-2022-3787)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| device-mapper-multipath | x86_64 | 28.el8_7.1 | device-mapper-multipath-0.8.4-28.el8_7.1.x86_64.rpm |
| device-mapper-multipath-libs | x86_64 | 28.el8_7.1 | device-mapper-multipath-libs-0.8.4-28.el8_7.1.x86_64.rpm |
| kpartx | x86_64 | 28.el8_7.1 | kpartx-0.8.4-28.el8_7.1.x86_64.rpm |
| libdmmp | x86_64 | 28.el8_7.1 | libdmmp-0.8.4-28.el8_7.1.x86_64.rpm |

Related vulnerabilities

CVSS3: 8.4
redhat
almost 3 years ago

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.

CVSS3: 7.8
nvd
more than 2 years ago

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.

rocky
more than 2 years ago

Important: device-mapper-multipath security update

CVSS3: 7.8
github
more than 2 years ago

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.

oracle-oval
more than 2 years ago

ELSA-2022-8453: device-mapper-multipath security update (IMPORTANT)