CVE-2022-27650 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-27650 PUBLISHED

Reported by redhat · Published April 4, 2022

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Affected Products

Vendor	Product	Versions
n/a	crun	Affects crun v1.4.3 and prior, Fixed in – v1.4.4
n/a	crun	Affects crun v1.4.3 and prior, Fixed in – v1.4.4

Timeline

Apr 4, 2022 CVE Published
Apr 5, 2022 EPSS Score
May 25, 2022 EPSS Score
Jul 15, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 12, 2022 EPSS Score
Jan 31, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 22, 2023 EPSS Score
May 10, 2023 EPSS Score
Jun 29, 2023 EPSS Score

References

x_refsource_MISC
x_refsource_MISC
x_refsource_MISC
FEDORA-2022-10fd054d40 vendor-advisoryx_refsource_FEDORA

Open in Interactive Console →