| Name | CVE-2022-41973 |
| Description | multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3250-1, DSA-5366-1 |
| Debian Bugs | 1022742 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| multipath-tools (PTS) | bullseye (security), bullseye | 0.8.5-2+deb11u1 | fixed |
| bookworm | 0.9.4-3+deb12u1 | fixed | |
| sid, trixie | 0.9.9-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| multipath-tools | source | buster | 0.7.9-3+deb10u2 | DLA-3250-1 | ||
| multipath-tools | source | bullseye | 0.8.5-2+deb11u1 | DSA-5366-1 | ||
| multipath-tools | source | (unstable) | 0.9.4-1 | 1022742 |
https://www.openwall.com/lists/oss-security/2022/10/24/2
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
Introduced by: https://github.com/opensvc/multipath-tools/commit/65d0a633e066223d361cd1a254ebdfe36a133a5c (0.7.7)
Fix included in https://github.com/opensvc/multipath-tools/pull/46
Fixed by (merge): https://github.com/opensvc/multipath-tools/commit/c4912a639b7ff527aa11d665944594926ff94a7a (0.9.2)
https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 (0.9.2)
https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c (0.9.2)
https://github.com/opensvc/multipath-tools/commit/2a1ff3154c1d5de423c303ca3bc9ed9727b4e523 (0.9.2)
https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f (0.9.2, CVE fix)
https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316 (0.9.2)
The fix for CVE-2022-41973 switches to use /run instead of /dev/shm which is a backward
incompatible change (which can be overriden but leaving CVE open).