Bug 2133988 (CVE-2022-41974) - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
Summary: CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daem...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-41974
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Lin Li
URL:
Whiteboard:
Depends On: 2133991 2133992 2133993 2133994 2133995 2133996 2133997 2133998 2133999 2134905 2136434 2137416
Blocks: 2133535
TreeView+ depends on / blocked
 
Reported: 2022-10-12 04:55 UTC by Sandipan Roy
Modified: 2023-05-16 15:15 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
Clone Of:
Environment:
Last Closed: 2023-05-16 15:15:48 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:7233 0 None None None 2022-10-27 06:37:20 UTC
Red Hat Product Errata RHBA-2022:7234 0 None None None 2022-10-27 06:39:16 UTC
Red Hat Product Errata RHBA-2022:7259 0 None None None 2022-10-31 10:02:20 UTC
Red Hat Product Errata RHBA-2022:7347 0 None None None 2022-11-02 17:37:39 UTC
Red Hat Product Errata RHBA-2022:7367 0 None None None 2022-11-02 19:01:56 UTC
Red Hat Product Errata RHBA-2022:7368 0 None None None 2022-11-02 18:18:03 UTC
Red Hat Product Errata RHBA-2022:7385 0 None None None 2022-11-02 19:22:43 UTC
Red Hat Product Errata RHBA-2022:7386 0 None None None 2022-11-02 19:31:53 UTC
Red Hat Product Errata RHBA-2022:7387 0 None None None 2022-11-02 19:38:20 UTC
Red Hat Product Errata RHBA-2022:7436 0 None None None 2022-11-07 10:24:51 UTC
Red Hat Product Errata RHBA-2022:7439 0 None None None 2022-11-07 11:29:29 UTC
Red Hat Product Errata RHBA-2022:7818 0 None None None 2022-11-08 08:10:47 UTC
Red Hat Product Errata RHBA-2022:7862 0 None None None 2022-11-09 01:26:26 UTC
Red Hat Product Errata RHBA-2022:7864 0 None None None 2022-11-09 01:46:37 UTC
Red Hat Product Errata RHBA-2022:7892 0 None None None 2022-11-09 11:39:39 UTC
Red Hat Product Errata RHBA-2022:7909 0 None None None 2022-11-09 15:47:53 UTC
Red Hat Product Errata RHBA-2022:7926 0 None None None 2022-11-10 16:22:23 UTC
Red Hat Product Errata RHBA-2022:8540 0 None None None 2022-11-21 09:29:33 UTC
Red Hat Product Errata RHBA-2022:8778 0 None None None 2022-12-05 11:44:57 UTC
Red Hat Product Errata RHSA-2022:7185 0 None None None 2022-10-25 15:00:47 UTC
Red Hat Product Errata RHSA-2022:7186 0 None None None 2022-10-25 15:12:12 UTC
Red Hat Product Errata RHSA-2022:7187 0 None None None 2022-10-25 15:04:27 UTC
Red Hat Product Errata RHSA-2022:7188 0 None None None 2022-10-25 15:06:29 UTC
Red Hat Product Errata RHSA-2022:7191 0 None None None 2022-10-27 10:14:01 UTC
Red Hat Product Errata RHSA-2022:7192 0 None None None 2022-10-25 15:17:41 UTC
Red Hat Product Errata RHSA-2022:8598 0 None None None 2022-11-22 15:28:36 UTC

Description Sandipan Roy 2022-10-12 04:55:15 UTC 
Qualys Security Advisory
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
https://www.openwall.com/lists/oss-security/2022/10/24/2

========================================================================
CVE-2022-41974: Authorization bypass
========================================================================

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
Comment 7 Guilherme de Almeida Suckevicz 2022-10-24 20:02:41 UTC 
Created device-mapper-multipath tracking bugs for this issue:

Affects: fedora-all [bug 2137416]
Comment 8 errata-xmlrpc 2022-10-25 15:00:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7185 https://access.redhat.com/errata/RHSA-2022:7185
Comment 9 errata-xmlrpc 2022-10-25 15:04:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:7187 https://access.redhat.com/errata/RHSA-2022:7187
Comment 10 errata-xmlrpc 2022-10-25 15:06:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:7188 https://access.redhat.com/errata/RHSA-2022:7188
Comment 11 errata-xmlrpc 2022-10-25 15:12:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7186 https://access.redhat.com/errata/RHSA-2022:7186
Comment 12 errata-xmlrpc 2022-10-25 15:17:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7192 https://access.redhat.com/errata/RHSA-2022:7192
Comment 13 errata-xmlrpc 2022-10-27 10:13:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:7191 https://access.redhat.com/errata/RHSA-2022:7191
Comment 18 errata-xmlrpc 2022-11-22 15:28:34 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:8598 https://access.redhat.com/errata/RHSA-2022:8598
Comment 19 Product Security DevOps Team 2023-05-16 15:15:46 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-41974
Note You need to log in before you can comment on or make changes to this bug.