A vulnerability was found in device-mapper-multipath that allows local users to obtain root access, either on its own or in conjunction with CVE-2022-41973. Local users who are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. The issue occurs because an attacker can repeat a keyword, and the repetition is mishandled because arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
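The ADD-versus-OR flaw described above, shown as an added example that is not multipath-tools code: it builds a command fingerprint from keyword bit codes both ways and compares the result when a keyword is repeated. The keyword names, their bit values, and the function names are constructed for illustration, and the strict variant is an assumption rather than the shipped fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed keyword codes, one bit each (not multipath-tools' real values). */
enum { KW_SHOW = 1u << 0, KW_MODIFY = 1u << 1, KW_TARGET = 1u << 2 };

/* Flawed pattern: arithmetic ADD. A repeated keyword carries into the next bit,
 * so the fingerprint can equal the code of a keyword that was never supplied. */
uint32_t fingerprint_add(const uint32_t *kw, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp += kw[i];
    return fp;
}

/* Corrected pattern: bitwise OR is idempotent, so a repeat changes nothing. */
uint32_t fingerprint_or(const uint32_t *kw, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp |= kw[i];
    return fp;
}

/* Stricter variant (an assumption, not taken from the page): reject repeats. */
int fingerprint_strict(const uint32_t *kw, size_t n, uint32_t *out)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++) {
        if (fp & kw[i])
            return -1;              /* keyword already seen */
        fp |= kw[i];
    }
    *out = fp;
    return 0;
}

int main(void)
{
    const uint32_t repeated[] = { KW_SHOW, KW_SHOW };   /* constructed input */
    uint32_t fp = 0;
    printf("ADD: 0x%x  OR: 0x%x  strict: %d\n",
           (unsigned)fingerprint_add(repeated, 2),
           (unsigned)fingerprint_or(repeated, 2),
           fingerprint_strict(repeated, 2, &fp));
    return 0;
}
```

Any authorization decision keyed on the fingerprint has to be made on the OR-combined value; with ADD, the value checked no longer names the keywords that were actually parsed.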