Showing 1 - 6 of 6

CVE-2022-29162

Status Candidate

Overview

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.

Related Files

Gentoo Linux Security Advisory 202408-25: Posted Aug 12, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202408-25 - Multiple vulnerabilities have been discovered in runc, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.1.12 are affected.; tags | advisory, vulnerability; systems | linux, gentoo; advisories | CVE-2021-43784, CVE-2022-29162, CVE-2023-25809, CVE-2023-27561, CVE-2023-28642, CVE-2024-21626; SHA-256 | 35eca8f05afb945acb36b278ceea660e8251c72adbc3a80372297da3c7b9cdf5; Download | Favorite | View

Ubuntu Security Notice USN-6088-2: Posted May 24, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6088-2 - USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. Felix Wilhelm discovered that runC incorrecly handled netlink messages. An attacker could possibly use this issue to escalate privileges.; tags | advisory, vulnerability; systems | linux, ubuntu; advisories | CVE-2019-19921, CVE-2021-43784, CVE-2022-29162, CVE-2023-25809, CVE-2023-27561, CVE-2023-28642; SHA-256 | 228e4e8430141c4a888658c04e39158326161025cc9773182744d3522bc81a9d; Download | Favorite | View

Red Hat Security Advisory 2022-8090-01: Posted Nov 16, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-8090-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-29162; SHA-256 | ebee58a0a0eb4b2cf465cb8a4325fa5974ab0a63610d838738ce312acb65668c; Download | Favorite | View

Red Hat Security Advisory 2022-7457-01: Posted Nov 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.; tags | advisory, vulnerability; systems | linux, redhat; advisories | CVE-2021-36221, CVE-2021-41190, CVE-2022-1708, CVE-2022-27191, CVE-2022-29162, CVE-2022-2990; SHA-256 | 72c93ef5fad8294ebe3afa3b48f3853ab0bb3fb7dd60c2174498a5cadd63ae36; Download | Favorite | View

Red Hat Security Advisory 2022-7469-01: Posted Nov 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-7469-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a memory exhaustion vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-1708, CVE-2022-27191, CVE-2022-29162; SHA-256 | e6a17dcd0f6d748520404bfaf18470bd2497aa1b2b9102c241c9bab13ebee020; Download | Favorite | View

Red Hat Security Advisory 2022-5068-01: Posted Aug 10, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2022-1706, CVE-2022-21698, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806, CVE-2022-24675, CVE-2022-24921, CVE-2022-27191, CVE-2022-28327, CVE-2022-29162; SHA-256 | 30e00d08c07434f6fc92069d48ab3c33166cfe75f5097f3b4aae5ca92fe1476e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

CVE-2022-29162

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems