CVE-2022-29162
Privilege Escalation vulnerability in runc (Go)
What is CVE-2022-29162 About?
This vulnerability in `github.com/opencontainers/runc` occurs because default inheritable capabilities for Linux containers are not empty, potentially leading to privilege escalation. This misconfiguration allows containers to retain unintended privileges, which could be leveraged by an attacker. Exploitation requires specific conditions but is generally considered moderate in difficulty.
Affected Software
github.com/opencontainers/runc before 1.1.2 (fixed in 1.1.2).
Technical Details
The vulnerability in github.com/opencontainers/runc concerns the default inheritable capability set of Linux containers. The inheritable set is the set of capabilities a process can pass on to the programs it executes. runc's default inheritable set was not empty, so by default a container process kept inheritable capabilities it should not have had. An attacker who gains control of a process inside the container could use these inherited capabilities to perform actions that should have been restricted, escalating privileges beyond what the container was granted and potentially affecting the host system. This misconfiguration violates the principle of least privilege within the container runtime.
What is the Impact of CVE-2022-29162?
Successful exploitation may allow attackers to escalate privileges within the container, perform unauthorized actions on the host system, or achieve container escape.
What is the Exploitability of CVE-2022-29162?
Exploiting this vulnerability requires an attacker to first gain code execution inside a container. Complexity is moderate: the attack relies on inheritable capabilities that are already (and unintentionally) present, so no further authentication is needed once code runs in the container, though the initial foothold may itself require authentication or a separate exploit. The privileges needed inside the container vary; the impact is that the process ends up with more privilege than intended. The issue is local to the container once access is gained, although that access may be obtained remotely. What an attacker can do depends on which capabilities are inherited and the actions they permit. The risk is greater in environments that run untrusted container images or applications with known vulnerabilities that could provide the initial compromise.
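A defender's check for the condition described in the technical details and exploitability sections above, written as an added example for this page (not runc's own code): it parses the Cap* lines of /proc/<pid>/status, decodes CapInh, and reports a non-empty inheritable set. The status excerpts are constructed, and the capability names assume the Docker default set as the bounding set; feed it the real /proc/self/status text from inside a container to check a running runtime.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed /proc/<pid>/status excerpts: runc < 1.1.2 mirrored the bounding set into CapInh; 1.1.2 leaves it empty.
const VulnerableStatus = "CapInh:\t00000000a80425fb\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"
const FixedStatus = "CapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"

// Names for the bits in the Docker default capability set (include/uapi/linux/capability.h); other bits print as CAP_<n>.
var capNames = map[int]string{
	0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL",
	6: "CAP_SETGID", 7: "CAP_SETUID", 8: "CAP_SETPCAP", 10: "CAP_NET_BIND_SERVICE", 13: "CAP_NET_RAW",
	18: "CAP_SYS_CHROOT", 27: "CAP_MKNOD", 29: "CAP_AUDIT_WRITE", 31: "CAP_SETFCAP",
}

// CapSet returns the hex mask of one capability set line (e.g. "CapInh") from status text.
func CapSet(status, name string) (uint64, error) {
	for _, line := range strings.Split(status, "\n") {
		f := strings.Fields(line)
		if len(f) == 2 && f[0] == name+":" {
			return strconv.ParseUint(f[1], 16, 64)
		}
	}
	return 0, fmt.Errorf("%s not found in status", name)
}

// DecodeMask names every bit set in a capability mask, lowest bit first.
func DecodeMask(mask uint64) []string {
	var names []string
	for bit := 0; bit < 64; bit++ {
		if mask>>uint(bit)&1 == 1 {
			if n, ok := capNames[bit]; ok {
				names = append(names, n)
			} else {
				names = append(names, "CAP_"+strconv.Itoa(bit))
			}
		}
	}
	return names
}

// InheritableCaps decodes CapInh; a non-empty result on a default config points at a runc before 1.1.2.
func InheritableCaps(status string) ([]string, error) {
	mask, err := CapSet(status, "CapInh")
	return DecodeMask(mask), err
}
```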
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2022-29162?
Available Upgrade Options
- github.com/opencontainers/runc
  - <1.1.2 → Upgrade to 1.1.2
Additional Resources
- https://github.com/opencontainers/runc/releases/tag/v1.1.2
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/
- https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
- https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-29162
- https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
- https://osv.dev/vulnerability/GHSA-f3fp-gc8g-vw66
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB
What are Similar Vulnerabilities to CVE-2022-29162?
Similar Vulnerabilities: CVE-2020-15257, CVE-2019-5736, CVE-2019-14271, CVE-2018-1000001, CVE-2018-1002100
