Vulnerability Details : CVE-2022-41974
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
Vulnerability category: Gain privilege
Products affected by CVE-2022-41974
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:opensvc:multipath-tools:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41974
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 9 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-41974
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-41974
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-41974
-
http://www.openwall.com/lists/oss-security/2022/10/24/2
oss-security - Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)Exploit;Mailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=1202739
Bug 1202739 – VUL-0: CVE-2022-41973,CVE-2022-41974: multipath-tools: multipathd: authorization bypass and symlink attack "Leeloo Multipath"Issue Tracking;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Dec/4
Full Disclosure: Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)Exploit;Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
Leeloo Multipath Authorization Bypass / Symlink Attack ≈ Packet StormExploit;Mailing List;Third Party Advisory;VDB Entry
-
https://lists.debian.org/debian-lts-announce/2022/12/msg00037.html
[SECURITY] [DLA 3250-1] multipath-tools security updateMailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Oct/25
Full Disclosure: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)Exploit;Mailing List;Third Party Advisory
-
https://www.debian.org/security/2023/dsa-5366
Debian -- Security Information -- DSA-5366-1 multipath-toolsThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36 - package-announce - Fedora Mailing-Lists
-
https://github.com/opensvc/multipath-tools/releases/tag/0.9.2
Release 0.9.2: Merge pull request #46 from openSUSE/queue · opensvc/multipath-tools · GitHubRelease Notes;Third Party Advisory
-
https://security.gentoo.org/glsa/202311-06
multipath-tools: Multiple Vulnerabilities (GLSA 202311-06) — Gentoo security
-
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
Exploit;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/11/30/2
oss-security - Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)Exploit;Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
snap-confine must_mkdir_and_open_with_perms() Race Condition ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to