1131 matches found
SUSE CVE-2022-27652
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs...
Privilege Escalation
cri-o is vulnerable to Privilege Escalation. The vulnerability allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs...
cri-o: Security regression of CVE-2022-27652
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10....
macOS/x64 Execve Caesar Cipher String Null-Free Shellcode (286 bytes)
Shellcode Title: macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode 286 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x86_64 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The...
macOS/x64 Execve Null-Free Shellcode (253 bytes)
Shellcode Title: macOS/x64 - Execve Null-Free Shellcode 253 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Date: 12/20/2022 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x86_64 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The strin...
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
...
SUSE-SU-2022:4113-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040022 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info that could allow a local user to cra...
SUSE-SU-2022:4112-1 Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024115 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed...
runc: incorrect handling of inheritable capabilities
A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...
kernel: exec: Force single empty string when argv is empty
In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty. Quoting [1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus prohibiting a scenario...
runc: incorrect handling of inheritable capabilities
A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2022:7318 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585); Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594). For more details abou...
CRI-O Security Vulnerability
CRI-O is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that stems from the fact that it allows an attacker with programmatic access to inheritable file features to elevate those features to the allowed set when running execve(2)...
runc: incorrect handling of inheritable capabilities
A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...
GSD-2022-1004738 powerpc: Enable execve syscall exit tracepoint
powerpc: Enable execve syscall exit tracepoint This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.202 by commit...
GSD-2022-1004621 powerpc: Enable execve syscall exit tracepoint
powerpc: Enable execve syscall exit tracepoint This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.127 by commit...
GSD-2022-1004454 powerpc: Enable execve syscall exit tracepoint
powerpc: Enable execve syscall exit tracepoint This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.51 by commit...
cri-o: Default inheritable capabilities for linux container should be empty
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs...
podman: Default inheritable capabilities for linux container should be empty
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...