{"id":"ALSA-2022:7192","summary":"Important: device-mapper-multipath security update","details":"The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.\n\nSecurity Fix(es):\n\n* device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T01:40:00.963579Z","published":"2022-10-25T00:00:00Z","related":["CVE-2022-41974"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2022:7192"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-41974"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2133988"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2022-7192.html"}],"affected":[{"package":{"name":"device-mapper-multipath","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/device-mapper-multipath"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.4-22.el8_6.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:7192.json"}},{"package":{"name":"device-mapper-multipath-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/device-mapper-multipath-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.4-22.el8_6.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:7192.json"}},{"package":{"name":"device-mapper-multipath-libs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/device-mapper-multipath-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.4-22.el8_6.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:7192.json"}},{"package":{"name":"kpartx","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kpartx"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.4-22.el8_6.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:7192.json"}},{"package":{"name":"libdmmp","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libdmmp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.4-22.el8_6.2"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:7192.json"}}],"schema_version":"1.7.3"}