"A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set." Please bump to 1.1.2. https://bugs.gentoo.org/844085
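The symptom described in the quoted advisory is visible in a process's CapInh line in /proc/<pid>/status. The following check is an added example (not runc's or Red Hat's code): it parses the Cap* lines from a constructed status sample, flags a non-empty inheritable set, and confirms the property the advisory relies on, that the inheritable set never exceeds the bounding set.

```python
"""Flag the CVE-2022-29162 symptom from /proc/<pid>/status.

Added example, not runc's own code. Before runc 1.1.2, `runc exec --cap`
started processes with a non-empty inheritable set; a file carrying
inheritable file capabilities could then raise them into its permitted
set on execve(2). A fixed runc leaves CapInh empty, so the checks are:
CapInh == 0, and CapInh is a subset of CapBnd (the advisory's caveat).
"""
import re

# Capability bit numbers from <linux/capability.h> (subset used here).
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 3: "CAP_FOWNER", 4: "CAP_FSETID",
    5: "CAP_KILL", 6: "CAP_SETGID", 7: "CAP_SETUID", 8: "CAP_SETPCAP",
    10: "CAP_NET_BIND_SERVICE", 13: "CAP_NET_RAW", 18: "CAP_SYS_CHROOT",
    21: "CAP_SYS_ADMIN", 27: "CAP_MKNOD", 29: "CAP_AUDIT_WRITE", 31: "CAP_SETFCAP",
}

# Constructed sample: Cap* lines as an affected `runc exec --cap` would show them.
SAMPLE_STATUS = """\
Name:\tsh
CapInh:\t00000000a80425fb
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""

def parse_cap_sets(status_text):
    """Return {'CapInh': int, 'CapBnd': int, ...} from status-file text."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def decode_caps(mask):
    """Names of the capabilities set in a mask, lowest bit first."""
    return [CAP_NAMES.get(bit, f"CAP_{bit}") for bit in range(64) if (mask >> bit) & 1]

def audit(status_text):
    """Evaluate the inheritable set against the expectations above."""
    sets = parse_cap_sets(status_text)
    inh, bnd = sets.get("CapInh", 0), sets.get("CapBnd", 0)
    return {
        "inheritable_nonempty": inh != 0,            # True means affected runc
        "inheritable_within_bounding": (inh & ~bnd) == 0,
        "inheritable_caps": decode_caps(inh),
    }

def audit_pid(pid):
    """Same check on a live process; needs /proc (hypothetical helper)."""
    with open(f"/proc/{pid}/status") as f:
        return audit(f.read())

if __name__ == "__main__":
    print(audit(SAMPLE_STATUS))
```

Run `audit_pid(<pid>)` against a process started by `runc exec` on a host you administer to confirm the 1.1.2 fix: the inheritable list should come back empty.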
Created runc tracking bugs for this issue:
Affects: fedora-34 [bug 2086400]
Affects: fedora-35 [bug 2086399]
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.11
Ironic content for Red Hat OpenShift Container Platform 4.11
Via RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7457 https://access.redhat.com/errata/RHSA-2022:7457
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7469 https://access.redhat.com/errata/RHSA-2022:7469
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8090 https://access.redhat.com/errata/RHSA-2022:8090
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-29162