CVE-2022-29162: Incorrect Default Permissions in runc
First published: Fri May 13 2022(Updated: )
"A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set." Please bump to 1.1.2. <a href="https://bugs.gentoo.org/844085">https://bugs.gentoo.org/844085</a>
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/runc | <4:1.1.4-1.el9 | 4:1.1.4-1.el9 |
| redhat/runc | <3:1.1.2-1.rhaos4.11.el8 | 3:1.1.2-1.rhaos4.11.el8 |
| Linuxfoundation Runc | <1.1.2 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| redhat/runc | <1.1.2 | 1.1.2 |
| debian/runc | 1.0.0~rc93+ds1-5+deb11u5 1.0.0~rc93+ds1-5+deb11u3 1.1.5+ds1-1+deb12u1 1.1.15+ds1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-29162 https://nvd.nist.gov/vuln/detail/CVE-2022-29162 https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
- https://bugzilla.redhat.com/show_bug.cgi?id=2086398
- https://access.redhat.com/errata/RHSA-2022:7457
- https://access.redhat.com/errata/RHSA-2022:7469
- https://access.redhat.com/errata/RHSA-2022:8090
- https://access.redhat.com/errata/RHSA-2022:5068
- https://access.redhat.com/security/cve/cve-2022-29162
- https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
- https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
- https://github.com/opencontainers/runc/releases/tag/v1.1.2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/
- https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
- https://launchpad.net/bugs/cve/CVE-2022-29162
- https://bugs.gentoo.org/844085
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2086400
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2086399
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/
- https://www.openwall.com/lists/oss-security/2022/05/12/1
- https://github.com/opencontainers/runc/commit/364ec0f1b4fa188ad96049c590ecb42fa70ea165
- https://github.com/opencontainers/runc/commit/98fe566c527479195ce3c8167136d2a555fe6b65
- https://security-tracker.debian.org/tracker/CVE-2022-29162
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162
- https://nvd.nist.gov/vuln/detail/CVE-2022-29162
- https://ubuntu.com/security/CVE-2022-29162
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-29162
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/event
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/linuxfoundation
- canonical/linuxfoundation runc
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- package-manager/debian