CVE-2022-27650
Description
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.097
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update aardvark-dns-1.0.1-27.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update buildah-1.24.2-4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update buildah-debugsource-1.24.2-4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update buildah-tests-1.24.2-4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update cockpit-podman-43-1.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update conmon-2.1.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update conmon-debugsource-2.1.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update container-selinux-2.179.1-1.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update containernetworking-plugins-1.0.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update containernetworking-plugins-debugsource-1.0.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update containers-common-1-27.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update crit-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update criu-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update criu-debugsource-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update criu-devel-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update criu-libs-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update crun-1.4.4-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update crun-debugsource-1.4.4-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update fuse-overlayfs-1.8.2-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update fuse-overlayfs-debugsource-1.8.2-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update libslirp-4.4.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update libslirp-debugsource-4.4.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update libslirp-devel-4.4.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update netavark-1.0.1-27.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-catatonit-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-debugsource-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-docker-4.0.2-6.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-gvproxy-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-plugins-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-remote-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-tests-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update python3-criu-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update python3-podman-4.0.0-1.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update runc-1.0.3-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update runc-debugsource-1.0.3-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update skopeo-1.6.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update skopeo-debugsource-1.6.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update skopeo-tests-1.6.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update slirp4netns-1.1.8-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update slirp4netns-debugsource-1.1.8-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update toolbox-0.0.99.3-0.4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update toolbox-debugsource-0.0.99.3-0.4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update toolbox-tests-0.0.99.3-0.4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update udica-0.2.6-2.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update buildah-1.19.9-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update buildah-debugsource-1.19.9-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update buildah-tests-1.19.9-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update cockpit-podman-29-2.module+el8.6.0+14694+4f5132e0.noarch.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update conmon-2.0.26-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update conmon-debugsource-2.0.26-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update container-selinux-2.178.0-2.module+el8.6.0+14694+4f5132e0.noarch.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update containernetworking-plugins-0.9.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update containers-common-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update crit-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update criu-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update criu-debugsource-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update crun-0.18-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update crun-debugsource-0.18-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update fuse-overlayfs-1.4.0-2.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update libslirp-4.3.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update libslirp-debugsource-4.3.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update libslirp-devel-4.3.1-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update podman-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update podman-catatonit-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update podman-debugsource-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update podman-docker-3.0.1-8.module+el8.6.0+14694+4f5132e0.noarch.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update podman-plugins-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update podman-remote-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update podman-tests-3.0.1-8.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update python3-criu-3.15-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update runc-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update skopeo-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update skopeo-debugsource-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update skopeo-tests-1.2.4-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update slirp4netns-1.1.8-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update toolbox-tests-0.0.99.3-1.module+el8.6.0+14694+4f5132e0.x86_64.rpm | Linux |
| (RHSA-2022:1793) container-tools:3.0 security and bug fix update udica-0.2.4-1.module+el8.6.0+14694+4f5132e0.noarch.rpm | Linux |
| Buildah update (ELSA-2022-7529) buildah-1.19.9-6.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Buildah-tests update (ELSA-2022-7529) buildah-tests-1.19.9-6.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Cockpit-podman update (ELSA-2022-7529) cockpit-podman-29-2.module+el8.7.0+20785+0180d035.noarch.rpm | Linux |
| Conmon update (ELSA-2022-7529) conmon-2.0.26-3.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Container-selinux update (ELSA-2022-7529) container-selinux-2.189.0-1.module+el8.7.0+20785+0180d035.noarch.rpm | Linux |
| Containernetworking-plugins update (ELSA-2022-7529) containernetworking-plugins-0.9.1-1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Containers-common update (ELSA-2022-7529) containers-common-1.2.4-2.0.1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Crit update (ELSA-2022-7529) crit-3.15-1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Criu update (ELSA-2022-7529) criu-3.15-1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Crun update (ELSA-2022-7529) crun-0.18-3.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Fuse-overlayfs update (ELSA-2022-7529) fuse-overlayfs-1.4.0-2.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Libslirp update (ELSA-2022-7529) libslirp-4.3.1-1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Libslirp-devel update (ELSA-2022-7529) libslirp-devel-4.3.1-1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Oci-seccomp-bpf-hook update (ELSA-2022-7529) oci-seccomp-bpf-hook-1.2.0-3.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Podman update (ELSA-2022-7529) podman-3.0.1-13.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Podman-catatonit update (ELSA-2022-7529) podman-catatonit-3.0.1-13.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Podman-docker update (ELSA-2022-7529) podman-docker-3.0.1-13.module+el8.7.0+20785+0180d035.noarch.rpm | Linux |
| Podman-plugins update (ELSA-2022-7529) podman-plugins-3.0.1-13.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Podman-remote update (ELSA-2022-7529) podman-remote-3.0.1-13.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Podman-tests update (ELSA-2022-7529) podman-tests-3.0.1-13.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Python3-criu update (ELSA-2022-7529) python3-criu-3.15-1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Runc update (ELSA-2022-7529) runc-1.0.0-73.rc95.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Skopeo update (ELSA-2022-7529) skopeo-1.2.4-2.0.1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Skopeo-tests update (ELSA-2022-7529) skopeo-tests-1.2.4-2.0.1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Slirp4netns update (ELSA-2022-7529) slirp4netns-1.1.8-1.module+el8.7.0+20785+0180d035.x86_64.rpm | Linux |
| Udica update (ELSA-2022-7529) udica-0.2.4-1.module+el8.7.0+20785+0180d035.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234