"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2022-10-29 19:00:29 +00:00 · 2022-10-29 19:00:29 +00:00 · 1ab5caa85b
commit 1ab5caa85b
parent c4ed0076ce
1 changed files with 60 additions and 6 deletions
--- a/2022/41xxx/CVE-2022-41974.json
+++ b/2022/41xxx/CVE-2022-41974.json
@ -1,17 +1,71 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2022-41974",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2022-41974",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1202739",
+                "refsource": "MISC",
+                "name": "https://bugzilla.suse.com/show_bug.cgi?id=1202739"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/opensvc/multipath-tools/releases/tag/0.9.2",
+                "url": "https://github.com/opensvc/multipath-tools/releases/tag/0.9.2"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://www.openwall.com/lists/oss-security/2022/10/24/2",
+                "url": "http://www.openwall.com/lists/oss-security/2022/10/24/2"
            }
        ]
    }