x/vulndb: add reports/GO-2022-0417.yaml for CVE-2022-27651
Fixes golang/vulndb#0417
Change-Id: Idebf8034f775559b1502a9d2dcec0dfdea4bc218
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414815
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/reports/GO-2022-0417.yaml b/reports/GO-2022-0417.yaml
new file mode 100644
index 0000000..7e2a4be
--- /dev/null
+++ b/reports/GO-2022-0417.yaml
@@ -0,0 +1,31 @@
+packages:
+ - module: github.com/containers/buildah
+ symbols:
+ - setupCapAdd
+ - setupCapDrop
+ versions:
+ - fixed: 1.25.0
+ vulnerable_at: 1.24.0
+ - module: github.com/containers/buildah
+ package: github.com/containers/buildah/chroot
+ symbols:
+ - setCapabilities
+ versions:
+ - fixed: 1.25.0
+ vulnerable_at: 1.24.0
+description: |
+ Containers are created with non-empty inheritable Linux process
+ capabilities, permitting programs with inheritable file capabilities
+ to elevate those capabilities to the permitted set during execve(2).
+
+ This bug does not affect the container security sandbox, as the
+ inheritable set never contains more capabilities than are included
+ in the container's bounding set.
+cves:
+ - CVE-2022-27651
+ghsas:
+ - GHSA-c3g4-w6cv-6v7h
+links:
+ commit: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
+ context:
+ - https://bugzilla.redhat.com/show_bug.cgi?id=2066840