CVE-2022-41973
device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
Public Exploits: 7
Exploited in Wild: -
Descriptions
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
A vulnerability was found in device-mapper-multipath. It allows local users to obtain root access when exploited in conjunction with CVE-2022-41974. Local users who are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
Timeline
- 2022-09-30 CVE Reserved
- 2022-10-29 CVE Published
- 2023-11-26 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
References (15)
URL | Tag | Source |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1202739 | Issue Tracking | |
https://github.com/opensvc/multipath-tools/releases/tag/0.9.2 | Release Notes | |
https://lists.debian.org/debian-lts-announce/2022/12/msg00037.html | Mailing List | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Opensvc | Multipath-tools | >= 0.7.7 < 0.9.2 | - | Affected |
Fedoraproject | Fedora | 36 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |