Bug 2134063 (CVE-2022-3466) - CVE-2022-3466 cri-o: Security regression of CVE-2022-27652
Summary: CVE-2022-3466 cri-o: Security regression of CVE-2022-27652
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-3466
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2064591
TreeView+ depends on / blocked
 
Reported: 2022-10-12 10:18 UTC by Mauro Matteo Cascella
Modified: 2023-01-21 07:52 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
Clone Of:
Environment:
Last Closed: 2023-01-21 07:52:10 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:7398 0 None None None 2023-01-17 14:51:45 UTC

Description Mauro Matteo Cascella 2022-10-12 10:18:46 UTC
The following cri-o packages as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31 and 4.11.6 included an incorrect version of cri-o that was missing the fix for CVE-2022-27652:

- cri-o-1.22.5-10.rhaos4.9.gitd14fede.el8 via RHBA-2022:6316 (https://access.redhat.com/errata/RHBA-2022:6316)
- cri-o-1.23.3-16.rhaos4.10.gitd7c9b35.el8 via RHBA-2022:6257 (https://access.redhat.com/errata/RHBA-2022:6257)
- cri-o-1.24.2-7.rhaos4.11.gitca400e0.el8 via RHBA-2022:6658 (https://access.redhat.com/errata/RHBA-2022:6658)

The regressed CVE-2022-27652 was previously corrected in Red Hat OpenShift Container Platform 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600, respectively.

CVE-2022-3466 was assigned to this security regression and it is specific to the cri-o packages produced by Red Hat. The original issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details about the original issue, see:

https://access.redhat.com/security/cve/CVE-2022-27652
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-27652

Comment 2 errata-xmlrpc 2023-01-17 14:51:43 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398

Comment 3 Product Security DevOps Team 2023-01-21 07:52:07 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3466


Note You need to log in before you can comment on or make changes to this bug.