摘要:
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
安全等级: Low
公告ID: KylinSec-SA-2022-1583
发布日期: 2022年7月5日
关联CVE: CVE-2022-27652
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-27652 | KY3.4-4A | docker | Unaffected |
| CVE-2022-27652 | KY3.4-5 | docker | Unaffected |
| CVE-2022-27652 | KY3.5.1 | docker | Unaffected |
