runc is vulnerable to privilege escalation. The vulnerability exists due to a bug in the runc exec --cap created processes with non-empty inheritable Linux process capabilities allowing an attacker to gain unauthorized access permissions.

References

github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5

github.com/opencontainers/runc/releases/tag/v1.1.2

github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66

lists.debian.org/debian-lts-announce/2023/03/msg00023.html

lists.fedoraproject.org/archives/list/[email protected]/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/

lists.fedoraproject.org/archives/list/[email protected]/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/

lists.fedoraproject.org/archives/list/[email protected]/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/

secdb.alpinelinux.org/edge/community.yaml

secdb.alpinelinux.org/v3.15/community.yaml

fedora 5

nessus 32

openvas 20

cgr 1

osv 13

redhatcve 1

ubuntucve 1

debiancve 1

github 1

nvd 1

cvelist 1

rocky 3

cbl_mariner 2

ibm 11

almalinux 2

cve 1

altlinux 1

alpinelinux 1

oraclelinux 3

prion 1

redhat 6

mageia 1

wolfi 1

photon 4

suse 3

debian 1

rosalinux 1

gentoo 1

ubuntu 1

ics 1

fedora

[SECURITY] Fedora 36 Update: runc-1.1.2-3.fc36

2022-07-31 01:37:21

[SECURITY] Fedora 35 Update: golang-github-opencontainers-runc-1.1.2-1.fc35

2022-05-30 05:34:55

[SECURITY] Fedora 34 Update: golang-github-opencontainers-runc-1.1.2-1.fc34

2022-05-30 05:57:15

nessus

Amazon Linux 2023 : runc (ALAS2023-2023-231)

2023-06-28 00:00:00

Oracle Linux 9 : runc (ELSA-2022-8090)

2022-11-22 00:00:00

Amazon Linux 2023 : runc (ALAS2023-2024-531)

2024-02-20 00:00:00

openvas

Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2022-d1f55f8fd0)

2022-06-01 00:00:00

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-2312)

2022-09-14 00:00:00

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-2283)

2022-09-14 00:00:00

cgr

CVE-2022-29162 vulnerabilities

2024-05-19 03:07:16

osv

CVE-2022-29162

2022-05-17 21:15:08

Low: runc security update

2022-11-15 06:15:20

Low: runc security update

2022-11-15 00:00:00

redhatcve

CVE-2022-29162

2022-06-07 02:29:38

ubuntucve

CVE-2022-29162

2022-05-17 00:00:00

debiancve

CVE-2022-29162

2022-05-17 21:15:08

github

Default inheritable capabilities for linux container should be empty

2022-05-24 17:36:56

nvd

CVE-2022-29162

2022-05-17 21:15:08

cvelist

CVE-2022-29162 Incorrect Default Permissions in runc

2022-05-17 00:00:00

rocky

runc security update

2022-11-15 06:15:20

container-tools:4.0 security and bug fix update

2022-11-08 06:20:20

container-tools:rhel8 security, bug fix, and enhancement update

2022-11-08 06:20:07

cbl_mariner

CVE-2022-29162 affecting package moby-runc 1.1.0+azure-6

2022-07-14 21:00:02

CVE-2022-29162 affecting package moby-runc for versions less than 1.1.2-2

2022-06-26 03:29:33

ibm

Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-29162)

2022-06-24 15:36:17

Security Bulletin: Open Source Dependency Vulnerability

2023-05-15 18:00:14

Security Bulletin: Open Source Dependency Vulnerability

2023-05-15 16:55:24

almalinux

Low: runc security update

2022-11-15 00:00:00

Moderate: container-tools:4.0 security and bug fix update

2022-11-08 00:00:00

cve

CVE-2022-29162

2022-05-17 21:15:08

altlinux

Security fix for the ALT Linux 10 package runc version 1.1.2-alt1

2022-05-12 00:00:00

alpinelinux

CVE-2022-29162

2022-05-17 21:15:08

oraclelinux

runc security update

2022-11-22 00:00:00

container-tools:4.0 security and bug fix update

2022-11-15 00:00:00

container-tools:ol8 security, bug fix, and enhancement update

2022-11-15 00:00:00

prion

Design/Logic Flaw

2022-05-17 21:15:00

redhat

(RHSA-2022:8090) Low: runc security update

2022-11-15 06:15:20

(RHSA-2022:7469) Moderate: container-tools:4.0 security and bug fix update

2022-11-08 06:20:20

(RHSA-2022:7457) Moderate: container-tools:rhel8 security, bug fix, and enhancement update

2022-11-08 06:20:07

mageia

Updated opencontainers-runc packages fix security vulnerability

2022-05-21 11:50:18

wolfi

CVE-2022-29162 vulnerabilities

2024-09-28 21:12:41

photon

Important Photon OS Security Update - PHSA-2022-0529

2022-10-19 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0405

2022-06-14 00:00:00

Important Photon OS Security Update - PHSA-2022-0266

2022-10-19 00:00:00

suse

Security update for containerd, docker and runc (important)

2022-07-08 00:00:00

Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (important)

2022-09-20 00:00:00

Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (important)

2022-09-22 00:00:00

debian

[SECURITY] [DLA 3369-1] runc security update

2023-03-27 16:07:07

rosalinux

Advisory ROSA-SA-2023-2209

2023-08-08 07:51:13

gentoo

runc: Multiple Vulnerabilities

2024-08-11 00:00:00

ubuntu

runC vulnerabilities

2023-05-23 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

Percentile

14.2%

JSON

Related for VERACODE:35548