PT-2023-13556 · Unknown+4 · Device-Mapper-Multipath+4

Tomas Hoger

Publicado

2022-11-07

Atualizado

2025-02-18

CVE-2022-3787

CVSS v3.1

8.4

Alta

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions device-mapper-multipath (affected versions not specified)

Description A local privilege escalation issue exists, allowing local users to obtain root access by exploiting a flaw in the handling of UNIX domain sockets. This can be achieved by manipulating the multipath setup, taking advantage of the mishandling of repeated keywords when arithmetic ADD is used instead of bitwise OR.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285

Identificadores relacionados

ALSA-2022:7928

ALSA-2022:8453

CESA-2022_7928

CVE-2022-3787

RHSA-2022:7928

RHSA-2022:8453

RHSA-2022_7928

RHSA-2022_8453

RLSA-2022:7928

RLSA-2022:8453

Produtos afetados

Almalinux

Centos

Red Hat

Rocky Linux

Device-Mapper-Multipath

PT-2023-13556 · Unknown+4 · Device-Mapper-Multipath+4

CVE-2022-3787

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18