vulnerability

Amazon Linux 2023: CVE-2022-41973: Important priority package update for device-mapper-multipath

Try Surface Command
Back to search
Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
Oct 24, 2022
Added
Feb 17, 2025
Modified
Jul 9, 2025

Description

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

Solutions

amazon-linux-2023-upgrade-device-mapper-multipathamazon-linux-2023-upgrade-device-mapper-multipath-debuginfoamazon-linux-2023-upgrade-device-mapper-multipath-debugsourceamazon-linux-2023-upgrade-device-mapper-multipath-develamazon-linux-2023-upgrade-device-mapper-multipath-libsamazon-linux-2023-upgrade-device-mapper-multipath-libs-debuginfoamazon-linux-2023-upgrade-kpartxamazon-linux-2023-upgrade-kpartx-debuginfoamazon-linux-2023-upgrade-libdmmpamazon-linux-2023-upgrade-libdmmp-debuginfoamazon-linux-2023-upgrade-libdmmp-devel

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today