• CVE-2022-3787

发布时间: 2023年4月4日

修改时间: 2024年11月30日

概要

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.

CVSS v3 指标

NVD openEuler
Confidentiality High
Attack Vector Local
CVSS评分 7.8 3.0
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Integrity High
User Interaction None
Availability High

安全公告

公告名 概要 发布时间
KylinSec-SA-2023-1248 A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root. 2023年4月4日

影响产品

产品 状态
KY3.4-4A multipath-tools Unaffected
KY3.4-5 multipath-tools Unaffected
KY3.5.1 multipath-tools Unaffected
KY3.5.2 multipath-tools Unaffected