Description
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
References (6)
Issue Tracking, Third Party Advisory (x_refsource_misc): https://bugzilla.redhat.com/show_bug.cgi?id=2066568
Third Party Advisory (x_refsource_misc): https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j
Patch, Third Party Advisory (x_refsource_misc): https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
Scores
CVSS v3 base score: 7.5
EPSS: 0.0050
EPSS Percentile: 66.0%
Attack Vector: NETWORK
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-276
Status: published
Products (25)
containers/podman: 0 - 4.0.3 (Go)
fedoraproject/fedora: 34
fedoraproject/fedora: 35
fedoraproject/fedora: 36
podman_project/podman: < 4.0.3
redhat/developer_tools: 1.0
redhat/enterprise_linux: 8.0
redhat/enterprise_linux: 8.6
redhat/enterprise_linux_eus: 8.4
redhat/enterprise_linux_eus: 8.6
... and 15 more
Published: Apr 04, 2022
Tracked Since: Feb 18, 2026