{"api_version":"1","generated_at":"2026-04-22T23:29:35+00:00","cve":"CVE-2022-29162","urls":{"html":"https://cve.report/CVE-2022-29162","api":"https://cve.report/api/cve/CVE-2022-29162.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-29162","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-29162"},"summary":{"title":"CVE-2022-29162","description":"runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2022-05-17 21:15:00","updated_at":"2023-11-07 03:45:00"},"problem_types":["CWE-276"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/","name":"FEDORA-2022-e980dc71b1","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: golang-github-opencontainers-runc-1.1.2-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/","name":"FEDORA-2022-e980dc71b1","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: golang-github-opencontainers-runc-1.1.2-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66","name":"https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66","refsource":"CONFIRM","tags":[],"title":"Default inheritable capabilities for linux container should be empty · Advisory · opencontainers/runc · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/","name":"FEDORA-2022-91b747a0d7","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: golang-github-opencontainers-runc-1.1.2-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/","name":"FEDORA-2022-91b747a0d7","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: golang-github-opencontainers-runc-1.1.2-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html","name":"[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3369-1] runc security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/","name":"FEDORA-2022-d1f55f8fd0","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: golang-github-opencontainers-runc-1.1.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/","name":"FEDORA-2022-d1f55f8fd0","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: golang-github-opencontainers-runc-1.1.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5","name":"https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5","refsource":"MISC","tags":[],"title":"Merge pull request from GHSA-f3fp-gc8g-vw66 · opencontainers/runc@d04de3a · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/opencontainers/runc/releases/tag/v1.1.2","name":"https://github.com/opencontainers/runc/releases/tag/v1.1.2","refsource":"MISC","tags":[],"title":"Release v1.1.2 -- \"I should think I’m going to be a perpetual student.\" · opencontainers/runc · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-29162","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29162","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"29162","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"29162","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"29162","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"29162","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"linuxfoundation","cpe5":"runc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-29162","qid":"160213","title":"Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2022-7469)"},{"cve":"CVE-2022-29162","qid":"160233","title":"Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2022-7457)"},{"cve":"CVE-2022-29162","qid":"160310","title":"Oracle Enterprise Linux Security Update for runc (ELSA-2022-8090)"},{"cve":"CVE-2022-29162","qid":"180866","title":"Debian Security Update for runc (CVE-2022-29162)"},{"cve":"CVE-2022-29162","qid":"181640","title":"Debian Security Update for runc (DLA 3369-1)"},{"cve":"CVE-2022-29162","qid":"199528","title":"Ubuntu Security Notification for runC Vulnerabilities (USN-6088-2)"},{"cve":"CVE-2022-29162","qid":"240607","title":"Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2022:5068)"},{"cve":"CVE-2022-29162","qid":"240829","title":"Red Hat Update for container-tools:rhel8 security (RHSA-2022:7457)"},{"cve":"CVE-2022-29162","qid":"240847","title":"Red Hat Update for container-tools:4.0 (RHSA-2022:7469)"},{"cve":"CVE-2022-29162","qid":"240868","title":"Red Hat Update for runc (RHSA-2022:8090)"},{"cve":"CVE-2022-29162","qid":"282779","title":"Fedora Security Update for golang (FEDORA-2022-e980dc71b1)"},{"cve":"CVE-2022-29162","qid":"282780","title":"Fedora Security Update for golang (FEDORA-2022-91b747a0d7)"},{"cve":"CVE-2022-29162","qid":"282782","title":"Fedora Security Update for golang (FEDORA-2022-d1f55f8fd0)"},{"cve":"CVE-2022-29162","qid":"355453","title":"Amazon Linux Security Advisory for runc : ALAS2023-2023-231"},{"cve":"CVE-2022-29162","qid":"357241","title":"Amazon Linux Security Advisory for runc : ALAS2023-2024-531"},{"cve":"CVE-2022-29162","qid":"502184","title":"Alpine Linux Security Update for runc"},{"cve":"CVE-2022-29162","qid":"6140312","title":"AWS Bottlerocket Security Update for runc (GHSA-v774-6wqv-56hv)"},{"cve":"CVE-2022-29162","qid":"672019","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2022-2253)"},{"cve":"CVE-2022-29162","qid":"672049","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2022-2240)"},{"cve":"CVE-2022-29162","qid":"672098","title":"EulerOS Security Update for docker-runc (EulerOS-SA-2022-2283)"},{"cve":"CVE-2022-29162","qid":"672127","title":"EulerOS Security Update for docker-runc (EulerOS-SA-2022-2312)"},{"cve":"CVE-2022-29162","qid":"672327","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2022-2707)"},{"cve":"CVE-2022-29162","qid":"752333","title":"SUSE Enterprise Linux Security Update for containerd, docker and runc (SUSE-SU-2022:2341-1)"},{"cve":"CVE-2022-29162","qid":"753186","title":"SUSE Enterprise Linux Security Update for kubevirt (SUSE-SU-2022:3333-1)"},{"cve":"CVE-2022-29162","qid":"753213","title":"SUSE Enterprise Linux Security Update for kubevirt (SUSE-SU-2022:3321-1)"},{"cve":"CVE-2022-29162","qid":"770161","title":"Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:5068)"},{"cve":"CVE-2022-29162","qid":"902047","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-runc (9819)"},{"cve":"CVE-2022-29162","qid":"902050","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-runc (9817)"},{"cve":"CVE-2022-29162","qid":"902288","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-runc (9817-1)"},{"cve":"CVE-2022-29162","qid":"902485","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-runc (9819-1)"},{"cve":"CVE-2022-29162","qid":"940774","title":"AlmaLinux Security Update for container-tools:4.0 (ALSA-2022:7469)"},{"cve":"CVE-2022-29162","qid":"940818","title":"AlmaLinux Security Update for runc (ALSA-2022:8090)"},{"cve":"CVE-2022-29162","qid":"960172","title":"Rocky Linux Security Update for container-tools:rhel8 (RLSA-2022:7457)"},{"cve":"CVE-2022-29162","qid":"960188","title":"Rocky Linux Security Update for container-tools:4.0 (RLSA-2022:7469)"},{"cve":"CVE-2022-29162","qid":"960642","title":"Rocky Linux Security Update for runc (RLSA-2022:8090)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-29162","STATE":"PUBLIC","TITLE":"Incorrect Default Permissions in runc"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"runc","version":{"version_data":[{"version_value":"< 1.1.2"}]}}]},"vendor_name":"opencontainers"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-276: Incorrect Default Permissions"}]}]},"references":{"reference_data":[{"name":"https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66","refsource":"CONFIRM","url":"https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66"},{"name":"https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5","refsource":"MISC","url":"https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5"},{"name":"https://github.com/opencontainers/runc/releases/tag/v1.1.2","refsource":"MISC","url":"https://github.com/opencontainers/runc/releases/tag/v1.1.2"},{"refsource":"FEDORA","name":"FEDORA-2022-91b747a0d7","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/"},{"refsource":"FEDORA","name":"FEDORA-2022-e980dc71b1","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/"},{"refsource":"FEDORA","name":"FEDORA-2022-d1f55f8fd0","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update","url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"}]},"source":{"advisory":"GHSA-f3fp-gc8g-vw66","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-05-17 21:15:00","lastModifiedDate":"2023-11-07 03:45:00","problem_types":["CWE-276"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}