Unrated severity · NVD Advisory · Published Sep 15, 2023 · Updated Aug 3, 2024
CRI-O: security regression of CVE-2022-27652
CVE-2022-3466
Description
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
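The execve(2) rule the description refers to, modelled as an added example (not code from the advisory or from cri-o): it applies the permitted-set transformation documented in capabilities(7) to a non-root process and reads the inheritable set from `/proc/<pid>/status` text. The status excerpts, masks and function names are constructed, and treating a non-empty `CapInh` as the sign of a build missing the fix is an assumption.

```python
# Added example: models the permitted-set rule from capabilities(7) and
# reads the Cap* lines of /proc/<pid>/status. All sample values are constructed.

# Capability bit numbers from <linux/capability.h> (subset).
CAP_BITS = {"CAP_CHOWN": 0, "CAP_NET_BIND_SERVICE": 10, "CAP_NET_RAW": 13}

# Constructed status excerpts for a non-root container process.
# Assumption: a build missing the fix shows a non-empty CapInh.
STATUS_REGRESSED = """\
Name:\tsleep
CapInh:\t0000000000002400
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t0000000000002400
CapAmb:\t0000000000000000
"""
STATUS_FIXED = STATUS_REGRESSED.replace("CapInh:\t0000000000002400",
                                        "CapInh:\t0000000000000000")


def parse_status_caps(status_text):
    """Return {'CapInh': int, ...} parsed from /proc/<pid>/status text."""
    caps = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            caps[key] = int(value.strip(), 16)
    return caps


def cap_names(mask):
    """Names of the known capabilities set in mask, lowest bit first."""
    return [n for n, b in sorted(CAP_BITS.items(), key=lambda kv: kv[1])
            if mask & (1 << b)]


def permitted_after_execve(proc, file_inh, file_prm):
    """P'(permitted) = (P(inh) & F(inh)) | (F(prm) & P(bnd)) | P'(amb)."""
    # Ambient capabilities are cleared when the file carries capabilities.
    ambient = 0 if (file_inh or file_prm) else proc["CapAmb"]
    return (proc["CapInh"] & file_inh) | (file_prm & proc["CapBnd"]) | ambient


if __name__ == "__main__":
    file_inh = 1 << CAP_BITS["CAP_NET_RAW"]  # file with cap_net_raw in its inheritable set (assumed)
    for label, text in (("regressed", STATUS_REGRESSED), ("fixed", STATUS_FIXED)):
        proc = parse_status_caps(text)
        gained = permitted_after_execve(proc, file_inh, 0)
        print(label, "CapInh:", cap_names(proc["CapInh"]),
              "permitted after execve:", cap_names(gained))
```

With an empty process inheritable set, the file's inheritable bits contribute nothing to the new permitted set, which is why `CapInh` is the field to check on running containers.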
Affected products
- cpe:/a:redhat:openshift:3.11
- cpe:/a:redhat:openshift:4.12::el8 (range: 0:1.25.1-5.rhaos4.12.git6005903.el9)
References
- access.redhat.com/errata/RHSA-2022:7398 (mitre; vendor-advisory; x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2022-3466 (mitre; vdb-entry; x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre; issue-tracking; x_refsource_REDHAT)