A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Device-mapper-multipath | Redhat | - (including) | - (including) |
Enterprise_linux | Redhat | 8.7 (including) | 8.7 (including) |
Enterprise_linux | Redhat | 9.1 (including) | 9.1 (including) |