PT-2022-6726 · Podman+7

Andrew Morgan · Published 2022-04-01 · Updated 2025-08-28 · CVE-2022-27649

CVSS v3.1: 8.0 High

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Podman (affected versions not specified)
Description: The issue stems from incorrect default permissions, which allow an attacker to bypass security restrictions and elevate privileges. Containers are started with non-empty default permissions and a non-empty set of inheritable Linux process capabilities. As a result, programs with inheritable file capabilities can elevate those capabilities to the permitted set when execve(2) runs.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

ALSA-2022:1565
ALSA-2022:1566
ALSA-2022:1762
ALT-PU-2022-1658
ALT-PU-2023-1488
ALT-PU-2025-10794
AZL-9320
BDU:2023-03753
CESA-2022_1565
CESA-2022_1566
CESA-2022_1762
CVE-2022-27649
GHSA-QVF8-P83W-V58J
GO-2022-0416
MGASA-2023-0213
OESA-2025-1073
OESA-2025-1074
OPENSUSE-SU-2023_0187-1
OPENSUSE-SU-2024:11982-1
RHSA-2022:1407
RHSA-2022:1565
RHSA-2022:1566
RHSA-2022:1762
RHSA-2022:4651
RHSA-2022:4816
RHSA-2022_1565
RHSA-2022_1566
RHSA-2022_1762
RLSA-2022:1565
RLSA-2022:1566
RLSA-2022:1762
SUSE-SU-2023:0187-1
SUSE-SU-2023:0326-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Podman
Red Hat
RED OS
Rocky Linux
SUSE