CVE-2022-27652

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Published: Apr 18, 2022
Updated: May 9, 2024
CVE: CVE-2022-27652
GHSA: GHSA-4hj2-r2pm-3hc6
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	35	35.x
mobyproject / moby	-	20.10.14
redhat / openshift_container_platform	3.11	3.11.x
redhat / openshift_container_platform	4.0	4.0.x
github.com/cri-o/cri-o	-	1.24.0

https://bugzilla.redhat.com/show_bug.cgi?id=2066839
https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6

Vulnerability Database

289,599

CVE-2022-27652