multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows...
High severity
Unreviewed
Published
Oct 29, 2022
to the GitHub Advisory Database
•
Updated Nov 25, 2023
Description
Published by the National Vulnerability Database
Oct 29, 2022
Published to the GitHub Advisory Database
Oct 29, 2022
Last updated
Nov 25, 2023
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
References