CVE & CISA-KEV Catalog

CVE-2022-41973

HIGH
7.8
CVSS v3
NVD

Description

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

How to fix

Remediation Available
multipath-toolsDebian
Fixed in:0.8.5-2+deb11u1CVE-2022-41973
Fixed in:0.9.4-1CVE-2022-41973
Fixed in:0.9.4-1CVE-2022-41973
Fixed in:0.9.4-1CVE-2022-41973
device-mapper-multipathRocky
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipathRed Hat / RHEL
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-debuginfoRed Hat / RHEL
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-debuginfoRocky
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-debugsourceRed Hat / RHEL
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-debugsourceRocky
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-develRed Hat / RHEL
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-develRocky
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-libsRocky
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-libsRed Hat / RHEL
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-libs-debuginfoRed Hat / RHEL
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
device-mapper-multipath-libs-debuginfoRocky
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
kpartxRocky
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
kpartxRed Hat / RHEL
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
kpartx-debuginfoRed Hat / RHEL
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
kpartx-debuginfoRocky
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
libdmmpRed Hat / RHEL
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
libdmmpRocky
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
libdmmp-debuginfoRocky
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
libdmmp-debuginfoRed Hat / RHEL
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-22.el8_6.5RHSA-2024:1110
Fixed in:0:0.8.4-37.el8RHSA-2023:2948
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
Fixed in:0:0.8.7-20.el9RHSA-2023:2459
multipath-toolsUbuntu
Fixed in:0.7.4-2ubuntu3.2USN-5731-1
Fixed in:0.8.3-1ubuntu2.1USN-5731-1
Fixed in:0.8.8-1ubuntu1.22.04.1USN-5731-1
Fixed in:0.8.8-1ubuntu1.22.10.1USN-5731-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.66%probability of exploitation in 30 days
47thpercentile

Moderate risk: more likely to be exploited than 47% of all known CVEs.

References

Related Vulnerabilities

Other CWE-59 (Link Following) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2022-30333High7.599%KEV + RansomFix
CVE-2021-21300High8.089%-Fix
CVE-2021-32610High7.173%-Fix
CVE-2020-36193High7.571%KEVFix
CVE-2023-40028Medium4.958%-Fix
CVE-2020-0787High7.843%KEV + Ransom-
Embed a live status badge for CVE-2022-41973
CVE-2022-41973 severity badge

Markdown

[![CVE-2022-41973](https://tridentstack.com/cve/badge/CVE-2022-41973.svg)](https://tridentstack.com/cve/CVE-2022-41973)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-41973"><img src="https://tridentstack.com/cve/badge/CVE-2022-41973.svg" alt="CVE-2022-41973"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.