Bug 2066568 (CVE-2022-27649) - CVE-2022-27649 podman: Default inheritable capabilities for linux container should be empty
Summary: CVE-2022-27649 podman: Default inheritable capabilities for linux container s...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-27649
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Red Hat2067502 Red Hat2067503 Red Hat2067504 Red Hat2067505 Red Hat2067506 Red Hat2067507 Red Hat2067508 Red Hat2067509 Red Hat2067510 Red Hat2067511 Red Hat2067512 Red Hat2067513 Red Hat2067514 Red Hat2067515 Red Hat2067516 Red Hat2067517 Red Hat2067518 Red Hat2067519 Red Hat2067520 Red Hat2067521 Red Hat2067522 Red Hat2067523 Red Hat2067524 Red Hat2067525 Red Hat2067526 Red Hat2067527 2070102 Red Hat2070103
Blocks: Embargoed2064591 Red Hat2070125
TreeView+ depends on / blocked
 
Reported: 2022-03-22 05:02 UTC by TEJ RATHI
Modified: 2022-12-06 01:02 UTC (History)
26 users (show)

Fixed In Version: podman 4.0.3
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Clone Of:
Environment:
Last Closed: 2022-12-06 01:02:51 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:2176 0 None None None 2022-05-11 01:09:26 UTC
Red Hat Product Errata RHBA-2022:4920 0 None None None 2022-06-06 21:58:26 UTC
Red Hat Product Errata RHSA-2022:1407 0 None None None 2022-04-19 15:35:54 UTC
Red Hat Product Errata RHSA-2022:1565 0 None None None 2022-04-26 17:33:44 UTC
Red Hat Product Errata RHSA-2022:1566 0 None None None 2022-04-26 17:34:02 UTC
Red Hat Product Errata RHSA-2022:1762 0 None None None 2022-05-10 13:18:09 UTC
Red Hat Product Errata RHSA-2022:4651 0 None None None 2022-05-18 13:57:05 UTC
Red Hat Product Errata RHSA-2022:4816 0 None None None 2022-05-31 12:15:03 UTC

Description TEJ RATHI 2022-03-22 05:02:47 UTC 
A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted.
Comment 4 Avinash Hanwate 2022-03-30 12:35:24 UTC 
Created podman tracking bugs for this issue:

Affects: fedora-all [bug 2070102]
Comment 7 Salvatore Bonaccorso 2022-04-01 19:10:28 UTC 
Reference to podman project: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
Comment 9 errata-xmlrpc 2022-04-19 15:35:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1407 https://access.redhat.com/errata/RHSA-2022:1407
Comment 10 errata-xmlrpc 2022-04-26 17:33:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1565 https://access.redhat.com/errata/RHSA-2022:1565
Comment 11 errata-xmlrpc 2022-04-26 17:33:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1566 https://access.redhat.com/errata/RHSA-2022:1566
Comment 15 errata-xmlrpc 2022-05-10 13:18:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1762 https://access.redhat.com/errata/RHSA-2022:1762
Comment 16 errata-xmlrpc 2022-05-18 13:57:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:4651 https://access.redhat.com/errata/RHSA-2022:4651
Comment 17 errata-xmlrpc 2022-05-31 12:15:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4816 https://access.redhat.com/errata/RHSA-2022:4816
Comment 18 Product Security DevOps Team 2022-12-06 01:02:48 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-27649
Note You need to log in before you can comment on or make changes to this bug.