Bug 2066837 (CVE-2022-24769)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty | | |
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | alazar, amurdaca, aos-bugs, aos-install, aos-odin-bot, aos-storage-staff, bbennett, bdettelb, bmontgom, cnv-qe-bugs, dwalsh, eparis, fdeutsch, jburrell, jhadvig, jhrozek, jmittapa, jokerman, jortel, jsafrane, lgamliel, mfilanov, mrogers, nstielau, pdhamdhe, pegoncal, rfreiman, sd-operator-metering, security-response-team, shardy, sponnaga, suprs, team-winc, tsedovic, vkumar, wduan, xiyuan |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | moby 20.10.14 | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in Moby (Docker Engine): containers were started with a non-empty inheritable Linux process capability set (the engine filled it with the container's default capability set instead of leaving it empty). At execve(2) the kernel adds to the new permitted set the intersection of the process's inheritable set and the executed file's inheritable file capabilities, so a process in the container, even one running as an unprivileged user, could gain capabilities by executing a program that carries inheritable file capabilities (as set with setcap(8)). The capabilities obtainable this way are limited to the container's own capability set, so this is privilege escalation inside the container, not a container escape. Containers that use Linux users and groups to perform privilege separation inside the container are most directly affected. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-04-20 17:27:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2067529, 2067590, 2067591, 2067592, 2067593, 2067594, 2067595, 2067596, 2067597, 2067598, 2067599, 2067600, 2067601, 2067606, 2067607, 2067608, 2067609, 2067610, 2067611, 2067612, 2067613, 2067614, 2067615, 2067616, 2067617, 2067618, 2067619, 2067620, 2067621, 2067622, 2067623, 2067624, 2067625, 2067626, 2067627, 2067628, 2067629, 2067630, 2067631, 2067632, 2067633, 2067634, 2067635, 2067636, 2067637, 2067638, 2067639, 2067640, 2067641, 2067642, 2067643, 2067644, 2067645, 2067646, 2067647, 2067648, 2067649, 2067650, 2067651, 2067652, 2067653, 2067654, 2067655, 2067656, 2067657, 2067658, 2067659, 2067660, 2067661, 2067662, 2067663, 2067664, 2067665, 2067666, 2067667, 2067668, 2067669, 2067670, 2067671, 2067672, 2067673, 2067674, 2067675, 2067676, 2067677, 2067678, 2067679, 2067680, 2067681, 2067682, 2067683, 2067684, 2067685, 2067686, 2067687, 2067688, 2067689, 2067690, 2067691, 2067692, 2067693, 2067694, 2067695, 2067696, 2067697, 2067698, 2067699, 2067700, 2067701, 2067702, 2067703, 2067948, 2067949, 2068094 | | |
| Bug Blocks: | 2064591 | | |
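Added example, not moby/Docker code and not part of this bug report: a Python model of the execve(2) capability transformation from capabilities(7), together with a decoder for the Cap* lines of /proc/<pid>/status, to make the Doc Text concrete. The two status dumps are constructed (the 0xa80425fb value is the engine's default capability set as it appears in /proc), the binary path /usr/local/bin/srv and its `cap_net_bind_service+ei` file capabilities are assumptions for illustration, and root (UID 0) special cases and securebits are left out of the model. Running it shows that with the pre-fix non-empty CapInh the executed file yields CAP_NET_BIND_SERVICE, and with the empty CapInh of moby 20.10.14 it does not.

```python
"""Model of the execve(2) capability rules from capabilities(7), used to show
why a non-empty container inheritable set (CVE-2022-24769) matters."""

from typing import Dict, Optional

# Capability bit numbers from <linux/capability.h>.
CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FOWNER, CAP_FSETID = 0, 1, 3, 4
CAP_KILL, CAP_SETGID, CAP_SETUID, CAP_SETPCAP = 5, 6, 7, 8
CAP_NET_BIND_SERVICE, CAP_NET_RAW, CAP_SYS_CHROOT = 10, 13, 18
CAP_MKNOD, CAP_AUDIT_WRITE, CAP_SETFCAP = 27, 29, 31


def capmask(*caps: int) -> int:
    """Bitmask with the given capability numbers set."""
    return sum(1 << c for c in caps)


# Docker's default capability set; reads as 00000000a80425fb in /proc/<pid>/status.
DOCKER_DEFAULT_CAPS = capmask(
    CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FOWNER, CAP_FSETID, CAP_KILL,
    CAP_SETGID, CAP_SETUID, CAP_SETPCAP, CAP_NET_BIND_SERVICE, CAP_NET_RAW,
    CAP_SYS_CHROOT, CAP_MKNOD, CAP_AUDIT_WRITE, CAP_SETFCAP)

# /proc/<pid>/status field names mapped to the set names used below.
_STATUS_FIELDS = {"CapInh": "inheritable", "CapPrm": "permitted",
                  "CapEff": "effective", "CapBnd": "bounding",
                  "CapAmb": "ambient"}


def parse_proc_status(text: str) -> Dict[str, int]:
    """Decode the Cap* lines of a /proc/<pid>/status dump into integer masks."""
    caps: Dict[str, int] = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in _STATUS_FIELDS:
            caps[_STATUS_FIELDS[key]] = int(value.strip(), 16)
    missing = set(_STATUS_FIELDS.values()) - set(caps)
    if missing:
        raise ValueError(f"status dump lacks {sorted(missing)}")
    return caps


def execve_caps(proc: Dict[str, int],
                file_caps: Optional[Dict[str, int]]) -> Dict[str, int]:
    """Capability sets of a non-root process after execve(2) of a binary whose
    file capabilities are file_caps (None for a file without any).

    From capabilities(7):
      P'(ambient)   = file privileged ? 0 : P(ambient)
      P'(permitted) = (P(inh) & F(inh)) | (F(prm) & P(bnd)) | P'(ambient)
      P'(effective) = F(eff) ? P'(permitted) : P'(ambient)
      inheritable and bounding sets are unchanged.
    Set-UID/set-GID binaries and UID 0 are not modelled.
    """
    f_inh = file_caps["inheritable"] if file_caps else 0
    f_prm = file_caps["permitted"] if file_caps else 0
    f_eff = bool(file_caps and file_caps.get("effective"))
    privileged = file_caps is not None  # a file with capabilities is "privileged"
    new_amb = 0 if privileged else proc["ambient"]
    new_prm = (proc["inheritable"] & f_inh) | (f_prm & proc["bounding"]) | new_amb
    new_eff = new_prm if f_eff else new_amb
    return {"inheritable": proc["inheritable"], "bounding": proc["bounding"],
            "ambient": new_amb, "permitted": new_prm, "effective": new_eff}


# Constructed sample: PID 1 of a container started as a non-root user by an
# engine before moby 20.10.14 (CapInh carries the whole default set).
VULNERABLE_STATUS = """\
Name:\tsleep
Uid:\t1000\t1000\t1000\t1000
CapInh:\t00000000a80425fb
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""

# Constructed sample: the same container under the fixed engine (CapInh empty).
FIXED_STATUS = VULNERABLE_STATUS.replace("CapInh:\t00000000a80425fb",
                                         "CapInh:\t0000000000000000")

# Assumed binary inside the image with inheritable file capabilities, as left by
# `setcap cap_net_bind_service+ei /usr/local/bin/srv` (hypothetical path).
SRV_FILE_CAPS = {"permitted": 0,
                 "inheritable": capmask(CAP_NET_BIND_SERVICE),
                 "effective": 1}


def check_container(status_text: str) -> Dict[str, bool]:
    """Flag a non-empty CapInh and report whether exec of SRV_FILE_CAPS
    would hand the process CAP_NET_BIND_SERVICE."""
    proc = parse_proc_status(status_text)
    after = execve_caps(proc, SRV_FILE_CAPS)
    return {"inheritable_nonempty": proc["inheritable"] != 0,
            "gains_net_bind": bool(after["effective"] & capmask(CAP_NET_BIND_SERVICE))}


if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_STATUS), ("fixed", FIXED_STATUS)):
        print(label, check_container(text))
```

To check a real container, feed the output of `docker exec <container> grep Cap /proc/1/status` to `parse_proc_status`; on a fixed engine CapInh reads all zeros, and a file with `+ep` capabilities still works through the `F(prm) & P(bnd)` term, which is the intended path and not affected by the fix.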
Description
Pedro Sampaio
2022-03-22 15:17:18 UTC
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.10
Via RHSA-2022:1357 https://access.redhat.com/errata/RHSA-2022:1357

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.8
Via RHSA-2022:1370 https://access.redhat.com/errata/RHSA-2022:1370

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.9
Via RHSA-2022:1363 https://access.redhat.com/errata/RHSA-2022:1363

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-24769

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.6
Via RHSA-2022:1622 https://access.redhat.com/errata/RHSA-2022:1622

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.7
Via RHSA-2022:1699 https://access.redhat.com/errata/RHSA-2022:1699

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.6
Via RHSA-2022:2265 https://access.redhat.com/errata/RHSA-2022:2265