Showing 1 - 8 of 8

CVE-2022-24769

Status Candidate

Overview

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.

Related Files

Ubuntu Security Notice USN-5776-1: Posted Dec 13, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5776-1 - It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. It was discovered that containerd incorrectly set up inheritable file capabilities. An attacker could possibly use this issue to escalate privileges inside a container. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2022-23471, CVE-2022-24769, CVE-2022-24778; SHA-256 | a5c37b7f401bff2eeb24eea7d980ad8afb19a337b55dbc18b318e7e8ecd8d937; Download | Favorite | View

Debian Security Advisory 5162-1: Posted Jun 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5162-1 - Two vulnerabilities were discovered that the containerd container runtime, which could result in denial of service or incomplete restriction of capabilities.; tags | advisory, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2022-24769, CVE-2022-31030; SHA-256 | 45ccecc0795e7e966ac9683f563b4827e05d859e1534f7867681d2cc64e3e308; Download | Favorite | View

Red Hat Security Advisory 2022-1357-01: Posted Jun 3, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1357-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.10.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-0778, CVE-2022-24769; SHA-256 | 4e4d7ceb3b56ff0b8fc58649892f8952cbdc01cec56f79428da5f4f3ed1d5329; Download | Favorite | View

Red Hat Security Advisory 2022-1370-01: Posted Jun 3, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1370-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.37.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-0778, CVE-2022-24769; SHA-256 | 7057ab7a3bca3ba744f59731e4e4366f941467305787012d9fa4db393015750e; Download | Favorite | View

Red Hat Security Advisory 2022-2265-01: Posted May 27, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-2265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58.; tags | advisory; systems | linux, redhat; advisories | CVE-2018-25032, CVE-2022-1271, CVE-2022-24769; SHA-256 | 8567c39cdaf49be7bdc6e0dcb409e243b609d943d99116dbb2cae745b57e601b; Download | Favorite | View

Red Hat Security Advisory 2022-1699-01: Posted May 13, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1699-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.50.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-4083, CVE-2022-0492, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-24769, CVE-2022-25636; SHA-256 | fbbfbdf0a9151383c4fd51b75bed69402cdeb86e35b863354d293fba3587a9fd; Download | Favorite | View

Red Hat Security Advisory 2022-1622-01: Posted May 4, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1622-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.57.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-8647, CVE-2020-8649, CVE-2022-0435, CVE-2022-0711, CVE-2022-0778, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-24407, CVE-2022-24769, CVE-2022-25173, CVE-2022-25174, CVE-2022-25175, CVE-2022-25176, CVE-2022-25177, CVE-2022-25178, CVE-2022-25179, CVE-2022-25180, CVE-2022-25181, CVE-2022-25182, CVE-2022-25183, CVE-2022-25184, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315; SHA-256 | c6bbb6c8c7f4807bed808b409a1979c9c7ff636de3be398e6d437bf3aaece474; Download | Favorite | View

Red Hat Security Advisory 2022-1363-01: Posted Apr 21, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.29.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-0778, CVE-2022-24769; SHA-256 | 30914537bd445536eae1b895b50a29b6a65239fc2cd90499d42aba67482218e9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 206 files
Ubuntu 106 files
indoushka 26 files
Debian 22 files
Gentoo 14 files
CraCkEr 13 files
Google Security Research 12 files
Mirabbas Agalarov 9 files
Apple 8 files
Ivan Fratric 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,757)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,858)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,368)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,647)
UNIX (9,245)
UnixWare (186)
Windows (6,557)
Other

CVE-2022-24769

Overview

Related Files

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems