{"id":"CVE-2022-27650","details":"A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.","modified":"2026-04-11T22:01:39.848973Z","published":"2022-04-04T20:15:10.940Z","related":["ALSA-2022:1762","ALSA-2022:1793","GHSA-wr4f-w546-m398","MGASA-2022-0141","openSUSE-SU-2024:11989-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYIGABCZ7ZHAG2XCOGITTQRJU2ASWMFA/"},{"type":"ADVISORY","url":"https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2066845"},{"type":"FIX","url":"https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/containers/crun","events":[{"introduced":"0"},{"fixed":"6521fcc5806f20f6187eb933f9f45130c86da230"},{"fixed":"1aeeed2e4fdeffb4875c0d0b439915894594c8c6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.4"}]}}],"versions":["0.10","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.10.6","0.12.1","0.4","0.5","0.6","0.7","0.8","0.9","0.9.1","1.0","v0.2","v0.3"],"database_specific":{"vanir_signatures":[{"digest":{"length":2525,"function_hash":"326576470114948350835089168532588116583"},"signature_type":"Function","target":{"function":"crun_command_exec","file":"src/exec.c"},"signature_version":"v1","deprecated":false,"id":"CVE-2022-27650-1369fec2","source":"https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6"},{"digest":{"line_hashes":["191965596629947503200297707270879748438","277783579743923417092443488377794187094","59215860372849921584264298802818030309","24826462537997860227952450397939357386","223256907618760933842021811521439593391"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/exec.c"},"signature_version":"v1","deprecated":false,"id":"CVE-2022-27650-4606fc3a","source":"https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures_modified":"2026-04-11T22:01:39Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27650.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}