{"id":"USN-5731-1","summary":"multipath-tools vulnerabilities","details":"It was discovered that multipath-tools incorrectly handled symlinks. A\nlocal attacker could possibly use this issue, in combination with other\nissues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,\nUbuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)\n\nIt was discovered that multipath-tools incorrectly handled access controls.\nA local attacker could possibly use this issue, in combination with other\nissues, to escalate privileges. (CVE-2022-41974)\n","modified":"2026-02-10T04:42:50Z","published":"2022-11-17T13:14:45Z","related":["UBUNTU-CVE-2022-41973","UBUNTU-CVE-2022-41974"],"upstream":["CVE-2022-41973","CVE-2022-41974","UBUNTU-CVE-2022-41973","UBUNTU-CVE-2022-41974"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5731-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41973"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41974"}],"affected":[{"package":{"name":"multipath-tools","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/multipath-tools@0.7.4-2ubuntu3.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.4-2ubuntu3.2"}]}],"versions":["0.6.4-5ubuntu1","0.7.4-2ubuntu1","0.7.4-2ubuntu3","0.7.4-2ubuntu3.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.7.4-2ubuntu3.2","binary_name":"kpartx"},{"binary_version":"0.7.4-2ubuntu3.2","binary_name":"kpartx-boot"},{"binary_version":"0.7.4-2ubuntu3.2","binary_name":"multipath-tools"},{"binary_version":"0.7.4-2ubuntu3.2","binary_name":"multipath-tools-boot"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-41974"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5731-1.json"}},{"package":{"name":"multipath-tools","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/multipath-tools@0.8.3-1ubuntu2.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.3-1ubuntu2.1"}]}],"versions":["0.7.9-3ubuntu6","0.7.9-3ubuntu7","0.8.3-1ubuntu1","0.8.3-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.8.3-1ubuntu2.1","binary_name":"kpartx"},{"binary_version":"0.8.3-1ubuntu2.1","binary_name":"kpartx-boot"},{"binary_version":"0.8.3-1ubuntu2.1","binary_name":"multipath-tools"},{"binary_version":"0.8.3-1ubuntu2.1","binary_name":"multipath-tools-boot"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-41973"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-41974"}],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5731-1.json"}},{"package":{"name":"multipath-tools","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/multipath-tools@0.8.8-1ubuntu1.22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.8-1ubuntu1.22.04.1"}]}],"versions":["0.8.5-2ubuntu2","0.8.5-2ubuntu3","0.8.8-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.8.8-1ubuntu1.22.04.1","binary_name":"kpartx"},{"binary_version":"0.8.8-1ubuntu1.22.04.1","binary_name":"kpartx-boot"},{"binary_version":"0.8.8-1ubuntu1.22.04.1","binary_name":"multipath-tools"},{"binary_version":"0.8.8-1ubuntu1.22.04.1","binary_name":"multipath-tools-boot"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-41973"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-41974"}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5731-1.json"}}],"schema_version":"1.7.3"}