CVE-2022-27650 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-27650 Interim 1 16 2025-11-05T01:35:01Z current 2022-04-03T02:02:20Z 2025-11-05T01:35:01Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-27650 A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 openSUSE Tumbleweed aardvark-dns-1.0.1-27.module+el8.6.0+14673+621cb8be buildah-1.24.2-4.module+el8.6.0+14673+621cb8be buildah-tests-1.24.2-4.module+el8.6.0+14673+621cb8be cockpit-podman-43-1.module+el8.6.0+14673+621cb8be conmon-2.1.0-1.module+el8.6.0+14673+621cb8be container-selinux-2.179.1-1.module+el8.6.0+14673+621cb8be containernetworking-plugins-1.0.1-2.module+el8.6.0+14673+621cb8be containers-common-1.2.4-1.module+el8.6.0+14694+4f5132e0 crit-3.15-3.module+el8.6.0+14673+621cb8be criu-3.15-3.module+el8.6.0+14673+621cb8be criu-devel-3.15-3.module+el8.6.0+14673+621cb8be criu-libs-3.15-3.module+el8.6.0+14673+621cb8be crun crun-1.14-1.18 crun-1.15-slfo.1.1_1.3 crun-1.4.4-1.1 crun-1.4.4-1.module+el8.6.0+14673+621cb8be fuse-overlayfs-1.8.2-1.module+el8.6.0+14673+621cb8be libslirp-4.4.0-1.module+el8.6.0+14673+621cb8be libslirp-devel-4.4.0-1.module+el8.6.0+14673+621cb8be netavark-1.0.1-27.module+el8.6.0+14673+621cb8be oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+14673+621cb8be podman-4.0.2-6.module+el8.6.0+14673+621cb8be podman-catatonit-4.0.2-6.module+el8.6.0+14673+621cb8be podman-docker-4.0.2-6.module+el8.6.0+14673+621cb8be podman-gvproxy-4.0.2-6.module+el8.6.0+14673+621cb8be podman-plugins-4.0.2-6.module+el8.6.0+14673+621cb8be podman-remote-4.0.2-6.module+el8.6.0+14673+621cb8be podman-tests-4.0.2-6.module+el8.6.0+14673+621cb8be python3-criu-3.15-3.module+el8.6.0+14673+621cb8be python3-podman-4.0.0-1.module+el8.6.0+14673+621cb8be runc-1.0.3-2.module+el8.6.0+14673+621cb8be skopeo-1.6.1-2.module+el8.6.0+14673+621cb8be skopeo-tests-1.6.1-2.module+el8.6.0+14673+621cb8be slirp4netns-1.1.8-2.module+el8.6.0+14673+621cb8be toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0 toolbox-tests-0.0.99.3-1.module+el8.6.0+14694+4f5132e0 udica-0.2.6-2.module+el8.6.0+14673+621cb8be aardvark-dns-1.0.1-27.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 buildah-1.24.2-4.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 buildah-tests-1.24.2-4.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 cockpit-podman-43-1.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 conmon-2.1.0-1.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 container-selinux-2.179.1-1.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 containernetworking-plugins-1.0.1-2.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 containers-common-1.2.4-1.module+el8.6.0+14694+4f5132e0 as a component of SUSE Liberty Linux 8 crit-3.15-3.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 criu-3.15-3.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 criu-devel-3.15-3.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 criu-libs-3.15-3.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 crun-1.4.4-1.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 fuse-overlayfs-1.8.2-1.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 libslirp-4.4.0-1.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 libslirp-devel-4.4.0-1.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 netavark-1.0.1-27.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 podman-4.0.2-6.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 podman-catatonit-4.0.2-6.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 podman-docker-4.0.2-6.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 podman-gvproxy-4.0.2-6.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 podman-plugins-4.0.2-6.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 podman-remote-4.0.2-6.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 podman-tests-4.0.2-6.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 python3-criu-3.15-3.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 python3-podman-4.0.0-1.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 runc-1.0.3-2.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 skopeo-1.6.1-2.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 skopeo-tests-1.6.1-2.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 slirp4netns-1.1.8-2.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0 as a component of SUSE Liberty Linux 8 toolbox-tests-0.0.99.3-1.module+el8.6.0+14694+4f5132e0 as a component of SUSE Liberty Linux 8 udica-0.2.6-2.module+el8.6.0+14673+621cb8be as a component of SUSE Liberty Linux 8 crun-1.14-1.18 as a component of SUSE Linux Micro 6.0 crun-1.15-slfo.1.1_1.3 as a component of SUSE Linux Micro 6.1 crun-1.4.4-1.1 as a component of openSUSE Tumbleweed crun as a component of SUSE Linux Micro 6.0 crun as a component of SUSE Linux Micro 6.1 A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. CVE-2022-27650 SUSE Liberty Linux 8:aardvark-dns-1.0.1-27.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:buildah-1.24.2-4.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:buildah-tests-1.24.2-4.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:cockpit-podman-43-1.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:conmon-2.1.0-1.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:container-selinux-2.179.1-1.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:containernetworking-plugins-1.0.1-2.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:containers-common-1.2.4-1.module+el8.6.0+14694+4f5132e0 SUSE Liberty Linux 8:crit-3.15-3.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:criu-3.15-3.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:criu-devel-3.15-3.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:criu-libs-3.15-3.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:crun-1.4.4-1.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:fuse-overlayfs-1.8.2-1.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:libslirp-4.4.0-1.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:libslirp-devel-4.4.0-1.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:netavark-1.0.1-27.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:podman-4.0.2-6.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:podman-catatonit-4.0.2-6.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:podman-docker-4.0.2-6.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:podman-gvproxy-4.0.2-6.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:podman-plugins-4.0.2-6.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:podman-remote-4.0.2-6.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:podman-tests-4.0.2-6.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:python3-criu-3.15-3.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:python3-podman-4.0.0-1.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:runc-1.0.3-2.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:skopeo-1.6.1-2.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:skopeo-tests-1.6.1-2.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:slirp4netns-1.1.8-2.module+el8.6.0+14673+621cb8be SUSE Liberty Linux 8:toolbox-0.0.99.3-1.module+el8.6.0+14694+4f5132e0 SUSE Liberty Linux 8:toolbox-tests-0.0.99.3-1.module+el8.6.0+14694+4f5132e0 SUSE Liberty Linux 8:udica-0.2.6-2.module+el8.6.0+14673+621cb8be SUSE Linux Micro 6.0:crun-1.14-1.18 SUSE Linux Micro 6.1:crun-1.15-slfo.1.1_1.3 openSUSE Tumbleweed:crun-1.4.4-1.1 SUSE Linux Micro 6.0:crun SUSE Linux Micro 6.1:crun moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L