DEBIAN-CVE-2022-41974

DEBIAN-CVE-2022-41974 PUBLISHED CVSS 7.8 HIGH

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
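The ADD-versus-OR flaw described above, as an added example that is not multipath-tools code: the keyword table, its bit values and the function names are constructed for illustration. The corrected function also rejects repeated keywords, which is a stricter choice made in this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed keyword table: one bit per keyword (hypothetical values). */
enum { KW_LIST = 1u << 0, KW_ADD = 1u << 1, KW_PATH = 1u << 2, KW_MAP = 1u << 3 };

struct keyword { const char *name; uint32_t code; };

static const struct keyword keywords[] = {
    {"list", KW_LIST}, {"add", KW_ADD}, {"path", KW_PATH}, {"map", KW_MAP},
};

/* Return the bit for a keyword, or 0 if the word is unknown. */
static uint32_t lookup(const char *word)
{
    for (size_t i = 0; i < sizeof keywords / sizeof keywords[0]; i++)
        if (strcmp(word, keywords[i].name) == 0)
            return keywords[i].code;
    return 0;
}

/* Flawed: arithmetic ADD. A repeated keyword carries into the next bit,
 * so the sum can equal the fingerprint of a different command. */
uint32_t fingerprint_add(const char *const *words, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp += lookup(words[i]);
    return fp;
}

/* Corrected: bitwise OR, which is idempotent for a repeated bit.
 * Unknown or repeated keywords are rejected outright (returns 0). */
uint32_t fingerprint_or(const char *const *words, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t code = lookup(words[i]);
        if (code == 0 || (fp & code))
            return 0;
        fp |= code;
    }
    return fp;
}
```

With these constructed values, a command that starts with a read-only keyword and repeats it produces the same ADD fingerprint as a modifying command, which is why an access check on the keywords and a handler lookup on the fingerprint can disagree.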

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | multipath-tools | 0.8.5-2, 0.8.5-2, 0 |
| Debian:13 | multipath-tools | 0, 0, 0 |
| Debian:14 | multipath-tools | 0, 0, 0 |
| Debian:12 | multipath-tools | 0, 0, 0 |

Timeline

  • Oct 29, 2022 CVE Published
  • Apr 28, 2026 CVE Updated