StarlingX

[Debian] CVE: CVE-2022-41973/CVE-2022-41974: multipath-tools: multiple CVEs

Bug #2020720 reported by Yue Tao
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Zhixiong Chi

Bug Description

CVE-2022-41973: https://nvd.nist.gov/vuln/detail/CVE-2022-41973
Base Score: 7.8 HIGH
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

CVE-2022-41974: https://nvd.nist.gov/vuln/detail/CVE-2022-41974

Base Score: 7.8 HIGH
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

References:

https://www.debian.org/security/2023/dsa-5366

['kpartx_0.8.5-2_amd64.deb===>kpartx_0.8.5-2+deb11u1_amd64.deb', 'multipath-tools_0.8.5-2_amd64.deb===>multipath-tools_0.8.5-2+deb11u1_amd64.deb', 'multipath-tools-boot_0.8.5-2_all.deb===>multipath-tools-boot_0.8.5-2+deb11u1_all.deb']

CVE References

Yue Tao (wrytao)
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.9.0 stx.security
Zhixiong Chi (zhixiongchi)
Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/884588

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/884588
Committed: https://opendev.org/starlingx/tools/commit/1c842d5a4b8507be34e1d7959139d49472bc91b5
Submitter: "Zuul (22348)"
Branch: master

commit 1c842d5a4b8507be34e1d7959139d49472bc91b5
Author: Zhixiong Chi <email address hidden>
Date: Thu May 25 17:43:15 2023 +0800

    multipath-tools: fix CVE-2022-41973/CVE-2022-41974

    Upgrade the following sub-packages to 0.8.5-2+deb11u1
    multipath-tools
    multipath-tools-boot
    kpartx

    Refer to:
    https://www.debian.org/security/2023/dsa-5366

    TestPlan:
    PASS: downloader
    PASS: build-pkgs -a -c
    PASS: build-image
    PASS: Jenkins Installation.
    PASS: dpkg -l |grep multipath
    ii multipath-tools 0.8.5-2+deb11u1
    ii multipath-tools-boot 0.8.5-2+deb11u1
    PASS: dpkg -l |grep kpartx
    ii kpartx 0.8.5-2+deb11u1

    Closes-Bug: 2020720

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: Ib96070d8cf556ed476d8334133a4047dcaee166d

Changed in starlingx:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.