Vulnerability Details CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.0
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2066568
- https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
- https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
- https://bugzilla.redhat.com/show_bug.cgi?id=2066568
- https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
- https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
Products affected by CVE-2022-27649
-
cpe:2.3:a:podman_project:podman:-
-
cpe:2.3:a:podman_project:podman:0.10.1
-
cpe:2.3:a:podman_project:podman:0.10.1.1
-
cpe:2.3:a:podman_project:podman:0.10.1.2
-
cpe:2.3:a:podman_project:podman:0.10.1.3
-
cpe:2.3:a:podman_project:podman:0.11.1
-
cpe:2.3:a:podman_project:podman:0.11.1.1
-
cpe:2.3:a:podman_project:podman:0.12.1
-
cpe:2.3:a:podman_project:podman:0.12.1.1
-
cpe:2.3:a:podman_project:podman:0.12.1.2
-
cpe:2.3:a:podman_project:podman:0.2
-
cpe:2.3:a:podman_project:podman:0.2.1
-
cpe:2.3:a:podman_project:podman:0.2.2
-
cpe:2.3:a:podman_project:podman:0.3.1
-
cpe:2.3:a:podman_project:podman:0.3.2
-
cpe:2.3:a:podman_project:podman:0.3.3
-
cpe:2.3:a:podman_project:podman:0.3.4
-
cpe:2.3:a:podman_project:podman:0.3.5
-
cpe:2.3:a:podman_project:podman:0.4.1
-
cpe:2.3:a:podman_project:podman:0.4.2
-
cpe:2.3:a:podman_project:podman:0.4.3
-
cpe:2.3:a:podman_project:podman:0.4.4
-
cpe:2.3:a:podman_project:podman:0.5.1
-
cpe:2.3:a:podman_project:podman:0.5.2
-
cpe:2.3:a:podman_project:podman:0.5.3
-
cpe:2.3:a:podman_project:podman:0.5.4
-
cpe:2.3:a:podman_project:podman:0.6.1
-
cpe:2.3:a:podman_project:podman:0.6.2
-
cpe:2.3:a:podman_project:podman:0.6.3
-
cpe:2.3:a:podman_project:podman:0.6.4
-
cpe:2.3:a:podman_project:podman:0.6.5
-
cpe:2.3:a:podman_project:podman:0.7.1
-
cpe:2.3:a:podman_project:podman:0.7.2
-
cpe:2.3:a:podman_project:podman:0.7.3
-
cpe:2.3:a:podman_project:podman:0.7.4
-
cpe:2.3:a:podman_project:podman:0.8.1
-
cpe:2.3:a:podman_project:podman:0.8.2
-
cpe:2.3:a:podman_project:podman:0.8.2.1
-
cpe:2.3:a:podman_project:podman:0.8.3
-
cpe:2.3:a:podman_project:podman:0.8.4
-
cpe:2.3:a:podman_project:podman:0.8.5
-
cpe:2.3:a:podman_project:podman:0.9.1
-
cpe:2.3:a:podman_project:podman:0.9.1.1
-
cpe:2.3:a:podman_project:podman:0.9.2
-
cpe:2.3:a:podman_project:podman:0.9.2.1
-
cpe:2.3:a:podman_project:podman:0.9.3
-
cpe:2.3:a:podman_project:podman:0.9.3.1
-
cpe:2.3:a:podman_project:podman:1.0.0
-
cpe:2.3:a:podman_project:podman:1.0.1
-
cpe:2.3:a:podman_project:podman:1.0.2
-
cpe:2.3:a:podman_project:podman:1.0.3
-
cpe:2.3:a:podman_project:podman:1.0.4
-
cpe:2.3:a:podman_project:podman:1.0.5
-
cpe:2.3:a:podman_project:podman:1.1.0
-
cpe:2.3:a:podman_project:podman:1.1.1
-
cpe:2.3:a:podman_project:podman:1.1.2
-
cpe:2.3:a:podman_project:podman:1.2.0
-
cpe:2.3:a:podman_project:podman:1.3.0
-
cpe:2.3:a:podman_project:podman:1.3.1
-
cpe:2.3:a:podman_project:podman:1.3.2
-
cpe:2.3:a:podman_project:podman:1.4.0
-
cpe:2.3:a:podman_project:podman:1.4.1
-
cpe:2.3:a:podman_project:podman:1.4.2
-
cpe:2.3:a:podman_project:podman:1.4.3
-
cpe:2.3:a:podman_project:podman:1.4.4
-
cpe:2.3:a:podman_project:podman:1.5.0
-
cpe:2.3:a:podman_project:podman:1.5.1
-
cpe:2.3:a:podman_project:podman:1.6.0
-
cpe:2.3:a:podman_project:podman:1.6.1
-
cpe:2.3:a:podman_project:podman:1.6.2
-
cpe:2.3:a:podman_project:podman:1.6.3
-
cpe:2.3:a:podman_project:podman:1.6.4
-
cpe:2.3:a:podman_project:podman:1.6.4-32.el7_9
-
cpe:2.3:a:podman_project:podman:1.6.5
-
cpe:2.3:a:podman_project:podman:1.7.0
-
cpe:2.3:a:podman_project:podman:1.8.0
-
cpe:2.3:a:podman_project:podman:1.8.1
-
cpe:2.3:a:podman_project:podman:1.8.2
-
cpe:2.3:a:podman_project:podman:1.9.0
-
cpe:2.3:a:podman_project:podman:1.9.1
-
cpe:2.3:a:podman_project:podman:1.9.2
-
cpe:2.3:a:podman_project:podman:1.9.3
-
cpe:2.3:a:podman_project:podman:2.0.0
-
cpe:2.3:a:podman_project:podman:2.0.1
-
cpe:2.3:a:podman_project:podman:2.0.2
-
cpe:2.3:a:podman_project:podman:2.0.3
-
cpe:2.3:a:podman_project:podman:2.0.4
-
cpe:2.3:a:podman_project:podman:2.0.5
-
cpe:2.3:a:podman_project:podman:2.0.6
-
cpe:2.3:a:podman_project:podman:2.1.0
-
cpe:2.3:a:podman_project:podman:2.1.1
-
cpe:2.3:a:podman_project:podman:2.2.0
-
cpe:2.3:a:podman_project:podman:2.2.1
-
cpe:2.3:a:podman_project:podman:3.0.0
-
cpe:2.3:a:podman_project:podman:3.0.1
-
cpe:2.3:a:podman_project:podman:3.0.2
-
cpe:2.3:a:podman_project:podman:3.1.0
-
cpe:2.3:a:podman_project:podman:3.1.1
-
cpe:2.3:a:podman_project:podman:3.1.2
-
cpe:2.3:a:podman_project:podman:3.2.0
-
cpe:2.3:a:podman_project:podman:3.2.1
-
cpe:2.3:a:podman_project:podman:3.2.2
-
cpe:2.3:a:podman_project:podman:3.2.3
-
cpe:2.3:a:podman_project:podman:3.3.0
-
cpe:2.3:a:podman_project:podman:3.3.1
-
cpe:2.3:a:podman_project:podman:3.4.0
-
cpe:2.3:a:podman_project:podman:3.4.1
-
cpe:2.3:a:podman_project:podman:3.4.2
-
cpe:2.3:a:podman_project:podman:3.4.3
-
cpe:2.3:a:podman_project:podman:3.4.4
-
cpe:2.3:a:podman_project:podman:3.4.5
-
cpe:2.3:a:podman_project:podman:3.4.6
-
cpe:2.3:a:podman_project:podman:3.4.7
-
cpe:2.3:a:podman_project:podman:4.0.0
-
cpe:2.3:a:podman_project:podman:4.0.1
-
cpe:2.3:a:podman_project:podman:4.0.2
-
cpe:2.3:a:redhat:developer_tools:1.0
-
cpe:2.3:a:redhat:openshift_container_platform:4.0
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:8.6
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.6
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6
-
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.4cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4
-
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.6cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6
-
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6