CVE-2022-29162
Published 2022-05-17
Priority: P3 (37) · CVSS 3.1: 7.8 (high) · AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.39% (30.4th percentile)
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
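The execve(2) transition the description refers to, as an added example that is not part of this record or of runc: it applies the capabilities(7) rules to a constructed `/proc/<pid>/status` excerpt and shows why a non-empty CapInh matters. `CAP_BITS` is a small constructed subset of the kernel's capability numbers, and the status text is constructed, not captured.

```python
# Added example: models the execve(2) capability transition from
# capabilities(7) and flags the CVE-2022-29162 condition (non-empty CapInh).
# CAP_BITS is a small constructed subset of the kernel's capability numbers.
CAP_BITS = {"CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_NET_BIND_SERVICE": 10,
            "CAP_NET_RAW": 13, "CAP_SYS_ADMIN": 21}

# Constructed /proc/<pid>/status excerpt for a process started by a
# vulnerable `runc exec --cap CAP_NET_RAW`: CapInh is not empty.
BUGGY_STATUS = """Name:\tsh
CapInh:\t0000000000002000
CapPrm:\t0000000000002001
CapEff:\t0000000000002001
CapBnd:\t0000000000202403
"""

def mask(*caps):
    """Bitmask for the named capabilities."""
    return sum(1 << CAP_BITS[c] for c in caps)

def names(bits):
    """Sorted capability names set in a bitmask (subset table only)."""
    return sorted(c for c, b in CAP_BITS.items() if bits >> b & 1)

def parse_proc_status(text):
    """Read the Cap* hex masks from /proc/<pid>/status text."""
    caps = {}
    for line in text.splitlines():
        key, _, val = line.partition(":")
        if key.startswith("Cap"):
            caps[key] = int(val.strip(), 16)
    return caps

def execve_caps(proc, f_inh, f_prm, f_eff):
    """capabilities(7) execve rule with the ambient set taken as empty:
    P'(prm) = (P(inh) & F(inh)) | (F(prm) & P(bnd)); P'(eff) follows F(eff).
    The F(prm) & P(bnd) term is why the bounding set still caps the result."""
    new_prm = (proc["CapInh"] & f_inh) | (f_prm & proc["CapBnd"])
    return {"CapInh": proc["CapInh"], "CapPrm": new_prm,
            "CapEff": new_prm if f_eff else 0, "CapBnd": proc["CapBnd"]}

def inheritable_leak(proc):
    """True when a binary with file inheritable caps could gain them here."""
    return proc["CapInh"] != 0

def demo():
    """Same file caps (inheritable CAP_NET_RAW only) under buggy vs fixed exec."""
    buggy = parse_proc_status(BUGGY_STATUS)
    fixed = dict(buggy, CapInh=0)   # empty inheritable set, as in runc 1.1.2
    f_inh = mask("CAP_NET_RAW")
    return (names(execve_caps(buggy, f_inh, 0, True)["CapPrm"]),
            names(execve_caps(fixed, f_inh, 0, True)["CapPrm"]))
```

On a live system the same check is reading CapInh from `/proc/<pid>/status` of a process started by `runc exec`; a non-zero value on runc older than 1.1.2 is the condition this record describes.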
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | runc | < runc 1.1.3+ds1-1 (bookworm) | runc 1.1.3+ds1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| github.com | opencontainers_runc | >= 0 < 1.1.2 | 1.1.2 |
| linuxfoundation | runc | < 1.1.2 | 1.1.2 |
| linuxfoundation | runc | >= 0 < 1.0.0~rc93+ds1-5+deb11u2 | 1.0.0~rc93+ds1-5+deb11u2 |
| linuxfoundation | runc | >= 0 < 1.1.3+ds1-1 | 1.1.3+ds1-1 |
| linuxfoundation | runc | >= 0 < 1.1.3+ds1-1 | 1.1.3+ds1-1 |
| linuxfoundation | runc | >= 0 < 1.1.3+ds1-1 | 1.1.3+ds1-1 |
| linuxfoundation | runc | >= 0 < 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4 | 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4 |
| msrc | cbl2_moby-runc_1.1.2-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_moby-runc_1.1.2+azure-1_on_cbl_mariner_1.0 | — | — |
| youki-dev | youki | < 0.5.3 | 0.5.3 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.0 | HIGH | — |
| vendor_debian | — | 5.9 | MEDIUM | — |
| vendor_redhat | — | 5.9 | MEDIUM | — |
OSV
Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc
osv · 2024-08-21
CVE-2022-29162: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc
OSV
runc vulnerabilities
osv · 2023-05-23 · CVSS 7.0
CVE-2019-19921 [HIGH] runc vulnerabilities
USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS.
It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921)
Felix Wilhelm discovered that runC incorrectly handled netlink messages. An attacker could possibly use this issue to escalate privileges. (CVE-2021-43784)
Andrew G. Morgan discovered that runC incorrectly set inherited process capabilities inside the container. An attacker could possibly use this issue to escalate privileges. (CVE-2022-29162)
Original advisory details:
It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacke
GHSA
Default inheritable capabilities for linux container should be empty
ghsa · 2022-05-24
CVE-2022-29162 [MEDIUM] CWE-276 Default inheritable capabilities for linux container should be empty
### Impact
A bug was found in runc where `runc exec --cap` executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2).
This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set.
### Patches
This bug has been fixed in runc 1.1.2. Users should update to this version as soon as possible.
This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments)
OSV
Default inheritable capabilities for linux container should be empty
osv · 2022-05-24
CVE-2022-29162 [MEDIUM] Default inheritable capabilities for linux container should be empty
OSV
CVE-2022-29162: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification
osv · 2022-05-17 · CVSS 7.8
CVE-2022-29162 [HIGH]
Red Hat
libcontainer: Libcontainer is affected by capabilities elevation
vendor_redhat · 2025-03-21 · CVSS 5.9
CVE-2025-27612 [MEDIUM] CWE-276 libcontainer: Libcontainer is affected by capabilities elevation
libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added to the spec of the tenant container. The logic adds the given capabilities to all capability sets of the main container if present in the spec, and otherwise simply sets the provided capabilities as the capabilities of the tenant container. However, setting inherited caps in any case for the tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect the youki binary itself. It is only applicable if you are using libcontainer directly and using the tenant builder.
A flaw was found in libcontainer. This vulnerability may allow elevation o
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics · 2024-02-15
ICS Advisory
Release Date: February 15, 2024
Alert Code: ICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Ubuntu
runC vulnerabilities
vendor_ubuntu · 2023-05-23 · CVSS 7.0
CVE-2022-29162 [HIGH] runC vulnerabilities
Title: runC vulnerabilities
Summary: Several security issues were fixed in runC.
Red Hat
runc: incorrect handling of inheritable capabilities
vendor_redhat · 2022-05-13 · CVSS 5.9
CVE-2022-29162 [MEDIUM] CWE-276 runc: incorrect handling of inheritable capabilities
Microsoft
Incorrect Default Permissions in runc
vendor_msrc · 2022-05-10 · CVSS 7.8
CVE-2022-29162 [MEDIUM] CWE-276 Incorrect Default Permissions in runc
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Product tags: Mariner, GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.c
Debian
CVE-2022-29162: runc - runc is a CLI tool for spawning and running containers on Linux according to the...
vendor_debian · 2022 · CVSS 5.9
CVE-2022-29162 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
- https://github.com/opencontainers/runc/releases/tag/v1.1.2
- https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
- https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/