ALAS2023-2023-126

Amazon Linux 2023 Security Advisory: ALAS-2023-126
Advisory Release Date: 2023-03-07 00:29 Pacific
Advisory Updated Date: 2023-03-08 00:51 Pacific
Severity: Important
Issue Overview:

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root. (CVE-2022-3787)

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. (CVE-2022-41973)

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. (CVE-2022-41974)


Affected Packages:

device-mapper-multipath


Issue Correction:
Run dnf update device-mapper-multipath --releasever=2023.0.20230308 to update your system.

New Packages:
aarch64:
    device-mapper-multipath-debuginfo-0.8.7-16.amzn2023.0.1.aarch64
    kpartx-debuginfo-0.8.7-16.amzn2023.0.1.aarch64
    device-mapper-multipath-debugsource-0.8.7-16.amzn2023.0.1.aarch64
    libdmmp-0.8.7-16.amzn2023.0.1.aarch64
    libdmmp-devel-0.8.7-16.amzn2023.0.1.aarch64
    libdmmp-debuginfo-0.8.7-16.amzn2023.0.1.aarch64
    device-mapper-multipath-devel-0.8.7-16.amzn2023.0.1.aarch64
    kpartx-0.8.7-16.amzn2023.0.1.aarch64
    device-mapper-multipath-0.8.7-16.amzn2023.0.1.aarch64
    device-mapper-multipath-libs-debuginfo-0.8.7-16.amzn2023.0.1.aarch64
    device-mapper-multipath-libs-0.8.7-16.amzn2023.0.1.aarch64

src:
    device-mapper-multipath-0.8.7-16.amzn2023.0.1.src

x86_64:
    device-mapper-multipath-libs-debuginfo-0.8.7-16.amzn2023.0.1.x86_64
    kpartx-0.8.7-16.amzn2023.0.1.x86_64
    device-mapper-multipath-debugsource-0.8.7-16.amzn2023.0.1.x86_64
    libdmmp-debuginfo-0.8.7-16.amzn2023.0.1.x86_64
    libdmmp-0.8.7-16.amzn2023.0.1.x86_64
    kpartx-debuginfo-0.8.7-16.amzn2023.0.1.x86_64
    device-mapper-multipath-devel-0.8.7-16.amzn2023.0.1.x86_64
    device-mapper-multipath-0.8.7-16.amzn2023.0.1.x86_64
    libdmmp-devel-0.8.7-16.amzn2023.0.1.x86_64
    device-mapper-multipath-debuginfo-0.8.7-16.amzn2023.0.1.x86_64
    device-mapper-multipath-libs-0.8.7-16.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2022-3787, CVE-2022-41973, CVE-2022-41974

Mitre: CVE-2022-3787, CVE-2022-41973, CVE-2022-41974