CVE-2022-27650

Name: CVE-2022-27650
Description: A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
NVD Severity: medium

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2066845
MISC https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6
MISC https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYIGABCZ7ZHAG2XCOGITTQRJU2ASWMFA/

Match rules

CPE URI: cpe:2.3:a:crun_project:crun:*:*:*:*:*:*:*:*
Source package: crun
Min version: none (no lower bound)
Max version: < 1.4.4

Vulnerable and fixed packages

Source package: crun
Branch: 3.15-community
Version: 1.3-r0
Maintainer: Michał Polański <michal@polanski.me>
Status: possibly vulnerable