Vulnerability Name: CVE-2022-29162 (CCN-226393)

Assigned: 2022-05-12
Published: 2022-05-12
Updated: 2023-03-27
Summary: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
CVSS v3 Severity: 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
  5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
  5.6 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
  4.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
  Exploitability Metrics: Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
  4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
  Exploitability Metrics: Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-276
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2022-29162

Source: XF
Type: UNKNOWN
opencontainers-cve202229162-priv-esc(226393)

Source: security-advisories@github.com
Type: Patch, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Release Notes, Third Party Advisory
security-advisories@github.com

Source: CCN
Type: runc GIT Repository
Default inheritable capabilities for linux container should be empty

Source: security-advisories@github.com
Type: Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: UNKNOWN
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: CCN
Type: oss-sec Mailing List, Thu, 12 May 2022 15:28:23 +1000
CVE-2022-29162: runc < 1.1.2 incorrect handling of inheritable capabilities in default configuration

Source: CCN
Type: IBM Security Bulletin 6857803 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Source: CCN
Type: IBM Security Bulletin 6991561 (Edge Application Manager)
Open Source Dependency Vulnerability

Source: CCN
Type: IBM Security Bulletin 6991597 (Edge Application Manager)
Open Source Dependency Vulnerability

Vulnerable Configuration:
  Configuration RedHat 1:
    • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
  Configuration RedHat 2:
    • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
  Configuration RedHat 3:
    • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
  Configuration RedHat 4:
    • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

  * Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7865 | P | runc-1.1.5-150000.41.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7860 | P | kubevirt-manifests-0.58.0-150500.6.3 on GA media (Moderate) | 2023-06-12
oval:com.redhat.rhsa:def:20228090 | P | RHSA-2022:8090: runc security update (Low) | 2022-11-15
oval:com.redhat.rhsa:def:20227457 | P | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | 2022-11-08
oval:com.redhat.rhsa:def:20227469 | P | RHSA-2022:7469: container-tools:4.0 security and bug fix update (Moderate) | 2022-11-08
oval:org.opensuse.security:def:773 | P | Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important) | 2022-09-22
oval:org.opensuse.security:def:118753 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:93469 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:119624 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:94256 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:42407 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:118943 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:93623 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:567 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:94465 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:93151 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:119248 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:93830 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:3670 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:95300 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:93311 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:119439 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:94044 | P | (Important) | 2022-07-08
oval:org.opensuse.security:def:42312 | P | Security update for containerd, docker and runc (Important) | 2022-07-08
oval:org.opensuse.security:def:995 | P | Security update for containerd, docker and runc (Important) (in QA) | 2022-06-14
oval:org.opensuse.security:def:1527 | P | Security update for containerd, docker and runc (Important) (in QA) | 2022-06-14