{"id":"CVE-2022-27650","details":"A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.","aliases":["GHSA-wr4f-w546-m398"],"modified":"2026-05-28T04:05:29.826386195Z","published":"2022-04-04T19:45:45Z","related":["ALSA-2022:1762","ALSA-2022:1793","openSUSE-SU-2024:11989-1"],"database_specific":{"cwe_ids":["CWE-276"],"unresolved_ranges":[{"extracted_events":[{"last_affected":"Affects crun v1.4.3 and prior, Fixed in – v1.4.4"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"redhat","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/27xxx/CVE-2022-27650.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/27xxx/CVE-2022-27650.json"},{"type":"ADVISORY","url":"https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYIGABCZ7ZHAG2XCOGITTQRJU2ASWMFA/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27650"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2066845"},{"type":"FIX","url":"https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/containers/crun","events":[{"introduced":"0"},{"fixed":"6521fcc5806f20f6187eb933f9f45130c86da230"},{"fixed":"1aeeed2e4fdeffb4875c0d0b439915894594c8c6"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.4.4"}],"cpe":"cpe:2.3:a:crun_project:crun:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"]}}],"versions":["1.0","0.12.1","0.10.6","0.10.5","0.10.4","0.10.3","0.10.2","0.10.1","0.10","0.9.1","0.9","0.8","0.7","0.6","0.5","0.4","v0.3","v0.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27650.json"}}],"schema_version":"1.7.5"}