CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Configurations

Configuration 1 (hide)

cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

History

14 May 2022, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ -

13 May 2022, 12:20

Type Values Removed Values Added
First Time Fedoraproject
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux Eus
Redhat enterprise Linux Server Tus
Fedoraproject fedora
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux Server Update Services For Sap Solutions
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Aus
CPE cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ - Mailing List, Third Party Advisory

07 May 2022, 07:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/ -

29 Apr 2022, 09:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ -

13 Apr 2022, 17:07

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 6.0
v3 : 7.5
First Time Podman Project
Redhat enterprise Linux
Podman Project podman
Redhat openshift Container Platform
Redhat
CWE CWE-276
References (MISC) https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j - (MISC) https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j - Third Party Advisory
References (MISC) https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 - (MISC) https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 - Patch, Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2066568 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2066568 - Issue Tracking, Third Party Advisory

04 Apr 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-04 20:15

Updated : 2022-05-14 03:15


NVD link : CVE-2022-27649

Mitre link : CVE-2022-27649


JSON object : View

Products Affected

redhat

  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server_update_services_for_sap_solutions
  • enterprise_linux_server_tus
  • enterprise_linux_server_aus
  • openshift_container_platform
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_power_little_endian
  • enterprise_linux
  • enterprise_linux_eus

fedoraproject

  • fedora

podman_project

  • podman
CWE
CWE-276

Incorrect Default Permissions