Bug 2066568 (CVE-2022-27649) - CVE-2022-27649 podman: Default inheritable capabilities for linux container should be empty
Summary: CVE-2022-27649 podman: Default inheritable capabilities for linux container s...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-27649
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2067502 2067503 2067504 2067505 2067506 2067507 2067508 2067509 2067510 2067511 2067512 2067513 2067514 2067515 2067516 2067517 2067518 2067519 2067520 2067521 2067522 2067523 2067524 2067525 2067526 2067527 2070102 2070103
Blocks: 2064591 2070125
TreeView+ depends on / blocked
 
Reported: 2022-03-22 05:02 UTC by TEJ RATHI
Modified: 2022-12-06 01:02 UTC (History)
26 users (show)

Fixed In Version: podman 4.0.3
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Clone Of:
Environment:
Last Closed: 2022-12-06 01:02:51 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:2176 0 None None None 2022-05-11 01:09:26 UTC
Red Hat Product Errata RHBA-2022:4920 0 None None None 2022-06-06 21:58:26 UTC
Red Hat Product Errata RHSA-2022:1407 0 None None None 2022-04-19 15:35:54 UTC
Red Hat Product Errata RHSA-2022:1565 0 None None None 2022-04-26 17:33:44 UTC
Red Hat Product Errata RHSA-2022:1566 0 None None None 2022-04-26 17:34:02 UTC
Red Hat Product Errata RHSA-2022:1762 0 None None None 2022-05-10 13:18:09 UTC
Red Hat Product Errata RHSA-2022:4651 0 None None None 2022-05-18 13:57:05 UTC
Red Hat Product Errata RHSA-2022:4816 0 None None None 2022-05-31 12:15:03 UTC

Description TEJ RATHI 2022-03-22 05:02:47 UTC 
A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted.
Comment 4 Avinash Hanwate 2022-03-30 12:35:24 UTC 
Created podman tracking bugs for this issue:

Affects: fedora-all [bug 2070102]
Comment 7 Salvatore Bonaccorso 2022-04-01 19:10:28 UTC 
Reference to podman project: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
Comment 9 errata-xmlrpc 2022-04-19 15:35:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1407 https://access.redhat.com/errata/RHSA-2022:1407
Comment 10 errata-xmlrpc 2022-04-26 17:33:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1565 https://access.redhat.com/errata/RHSA-2022:1565
Comment 11 errata-xmlrpc 2022-04-26 17:33:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1566 https://access.redhat.com/errata/RHSA-2022:1566
Comment 15 errata-xmlrpc 2022-05-10 13:18:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1762 https://access.redhat.com/errata/RHSA-2022:1762
Comment 16 errata-xmlrpc 2022-05-18 13:57:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:4651 https://access.redhat.com/errata/RHSA-2022:4651
Comment 17 errata-xmlrpc 2022-05-31 12:15:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4816 https://access.redhat.com/errata/RHSA-2022:4816
Comment 18 Product Security DevOps Team 2022-12-06 01:02:48 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-27649
Note You need to log in before you can comment on or make changes to this bug.