PT-2023-13556 · Unknown+4 · Device-Mapper-Multipath+4
Tomas Hoger · Published 2022-11-07 · Updated 2025-02-18 · CVE-2022-3787
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
device-mapper-multipath (affected versions not specified)
Description
A local privilege escalation issue exists, allowing local users to obtain root access by exploiting a flaw in the handling of UNIX domain sockets. This can be achieved by manipulating the multipath setup, taking advantage of the mishandling of repeated keywords when arithmetic ADD is used instead of bitwise OR.
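The ADD-versus-OR mistake named in the description, as an added example: this is not code from device-mapper-multipath, and the keyword names and bit values are hypothetical, constructed for illustration. It computes a command fingerprint both ways and adds a stricter parser check that rejects unknown or repeated keywords.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical keyword table, one bit per keyword (constructed for this example). */
struct kw { const char *word; uint32_t code; };
static const struct kw KEYWORDS[] = {
    { "show", 1u << 0 }, { "reset", 1u << 1 }, { "device", 1u << 2 },
};

static uint32_t kw_code(const char *word)
{
    for (size_t i = 0; i < sizeof KEYWORDS / sizeof KEYWORDS[0]; i++)
        if (strcmp(word, KEYWORDS[i].word) == 0)
            return KEYWORDS[i].code;
    return 0; /* unknown keyword */
}

/* Flawed form: arithmetic ADD. Repeating a keyword carries into the next bit,
 * so the result can equal the fingerprint of a different keyword set. */
uint32_t fingerprint_add(const char *const *words, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp += kw_code(words[i]);
    return fp;
}

/* Corrected form: bitwise OR is idempotent, so repeats change nothing. */
uint32_t fingerprint_or(const char *const *words, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp |= kw_code(words[i]);
    return fp;
}

/* Stricter parsing: returns 1 if a keyword is unknown or appears twice. */
int rejects_input(const char *const *words, size_t n)
{
    uint32_t seen = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t c = kw_code(words[i]);
        if (c == 0 || (seen & c))
            return 1;
        seen |= c;
    }
    return 0;
}
```

Any access decision keyed on the fingerprint is only as sound as the mapping from keyword set to fingerprint, which is why the OR form and the repeat check both matter.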
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Improper Authorization
Affected Products
AlmaLinux
CentOS
Red Hat
Rocky Linux
Device-Mapper-Multipath