Vulnerability Description
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Podman Project | Podman | < 4.0.3 |
| Redhat | Developer Tools | 1.0 |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Eus | 8.4 |
| Redhat | Enterprise Linux For Ibm Z Systems | 8.0 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.4 |
| Redhat | Enterprise Linux For Power Little Endian | 8.0 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.4 |
| Redhat | Enterprise Linux Server Aus | 8.4 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.4 |
| Redhat | Enterprise Linux Server Tus | 8.4 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.4 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2066568Issue TrackingThird Party Advisory
- https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f18PatchThird Party Advisory
- https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58jThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://bugzilla.redhat.com/show_bug.cgi?id=2066568Issue TrackingThird Party Advisory
- https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f18PatchThird Party Advisory
- https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58jThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-27649?
CVE-2022-27649 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly w...
How severe is CVE-2022-27649?
CVE-2022-27649 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27649?
Check the references section above for vendor advisories and patch information. Affected products include: Podman Project Podman, Redhat Developer Tools, Redhat Openshift Container Platform, Redhat Enterprise Linux, Redhat Enterprise Linux Eus.