Descriptionmultipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3250-1, DSA-5366-1
Debian Bugs1022742

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
multipath-tools (PTS)buster0.7.9-3+deb10u1vulnerable
buster (security)0.7.9-3+deb10u2fixed
bullseye (security), bullseye0.8.5-2+deb11u1fixed
sid, trixie0.9.4-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Introduced by: (0.7.7)
Fix included in
Fixed by (merge): (0.9.2) (0.9.2) (0.9.2) (0.9.2) (0.9.2, CVE fix) (0.9.2)
The fix for CVE-2022-41973 switches to use /run instead of /dev/shm which is a backward
incompatible change (which can be overriden but leaving CVE open).

Search for package or bug name: Reporting problems