发布时间: 2023年4月4日
修改时间: 2024年11月30日
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
NVD | openEuler | |
---|---|---|
Confidentiality | High | |
Attack Vector | Local | |
CVSS评分 | 7.8 | 3.0 |
Attack Complexity | Low | |
Privileges Required | Low | |
Scope | Unchanged | |
Integrity | High | |
User Interaction | None | |
Availability | High |
公告名 | 概要 | 发布时间 |
---|---|---|
KylinSec-SA-2023-1248 | A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root. | 2023年4月4日 |
产品 | 包 | 状态 |
---|---|---|
KY3.4-4A | multipath-tools | Unaffected |
KY3.4-5 | multipath-tools | Unaffected |
KY3.5.1 | multipath-tools | Unaffected |
KY3.5.2 | multipath-tools | Unaffected |