A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

CPE Name | Operator | Version
---|---|---
crun | lt | 1.4.4
fedora | eq | 34
enterprise_linux | eq | 8.0
openshift_container_platform | eq | 4.0
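
The execve(2) step named in the description can be checked from a process's `/proc/<pid>/status` capability masks. The following is an added example, not code from crun, Moby or the advisory: it applies the transformation rules documented in capabilities(7) to constructed sample masks, and the function names, the sample status text and the choice of `CAP_NET_RAW` are assumptions made for illustration.

```python
import re

# Constructed /proc/<pid>/status excerpts for an unprivileged process inside a
# container (sample values for illustration, not taken from the advisory).
STATUS_AFFECTED = """\
CapInh:\t00000000a80425fb
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""
# Same process when the runtime starts it with an empty inheritable set.
STATUS_FIXED = STATUS_AFFECTED.replace("CapInh:\t00000000a80425fb",
                                       "CapInh:\t0000000000000000")

CAP_NET_RAW = 1 << 13    # bit number from linux/capability.h
CAP_SYS_ADMIN = 1 << 21  # not present in the sample inheritable mask


def parse_caps(status_text):
    """Return {'Inh': int, 'Prm': int, ...} parsed from /proc/<pid>/status text."""
    pattern = r"^Cap(Inh|Prm|Eff|Bnd|Amb):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}


def execve_caps(proc, f_inh, f_prm, f_eff):
    """Apply the capabilities(7) execve rules for a non-root process.

    Simplification: a file counts as privileged only if it carries file
    capabilities; set-user-ID and set-group-ID handling is not modelled.
    """
    privileged_file = bool(f_inh or f_prm or f_eff)
    amb = 0 if privileged_file else proc["Amb"]
    prm = (proc["Inh"] & f_inh) | (f_prm & proc["Bnd"]) | amb
    eff = prm if f_eff else amb
    return {"Inh": proc["Inh"], "Prm": prm, "Eff": eff,
            "Bnd": proc["Bnd"], "Amb": amb}


def gains_from_inheritable(status_text, f_inh):
    """Mask of capabilities that enter the permitted set only through the
    process inheritable set when a file with inheritable caps f_inh is run."""
    proc = parse_caps(status_text)
    after = execve_caps(proc, f_inh=f_inh, f_prm=0, f_eff=True)
    return after["Prm"] & ~proc["Prm"]


if __name__ == "__main__":
    for name, text in (("affected", STATUS_AFFECTED), ("fixed", STATUS_FIXED)):
        print(name, hex(gains_from_inheritable(text, CAP_NET_RAW)))
```

A non-zero `CapInh` value on a container's processes is the condition to look for; with an empty inheritable set the same binary gains nothing in the permitted set.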