Published: 17/05/2022 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 410

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linuxfoundation runc
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36

Synopsis Low: runc security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for runc is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security impact of ...

Synopsis Moderate: OpenShift Container Platform 4110 packages and security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packag ...

Synopsis Moderate: container-tools:40 security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the container-tools:40 module is now available for Red Hat Enterprise Linux 8Red Hat Produc ...

Synopsis Important: OpenShift Container Platform 4110 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...

Synopsis Moderate: OpenShift Container Platform 4110 extras and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...

Synopsis Moderate: container-tools:rhel8 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linu ...

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification A bug was found in runc prior to version 112 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate ...

A non-exploitable security flaw was found in runc resulting in an atypical Linux environment inside containers ...

Critical Infrastructure Sectors: Critical Manufacturing

Контейнер с тестовым проектом - HTML + nginx Создадим Dockerfile: php FROM php:fpm RUN apt-get update && docker-php-ext-install mysqli nginx FROM nginx ADD /defaultconf /etc/nginx/confd Создадим простую HTML-стр�

Контейнер с тестовым проектом - HTML + nginx Создадим Dockerfile: FROM nginx:alpine COPY /usr/share/nginx/html/ EXPOSE 80 CMD ["nginx", "-g", "daemon off;"] Создадим простую HTML-страницу: <!DOCTYPE html> &a

CWE-276 https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5 https://github.com/opencontainers/runc/releases/tag/v1.1.2 https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2022:8090 https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11 https://access.redhat.com/security/cve/cve-2022-29162

CVE-2022-29162

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect