CVE-2022-1227
Description
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the podman top command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
32.073
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2022:2190) podman security update podman-docker-1.6.4-32.el7_9.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update aardvark-dns-1.0.1-27.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update buildah-1.24.2-4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update buildah-debugsource-1.24.2-4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update buildah-tests-1.24.2-4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update cockpit-podman-43-1.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update conmon-2.1.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update conmon-debugsource-2.1.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update container-selinux-2.179.1-1.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update containernetworking-plugins-1.0.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update containernetworking-plugins-debugsource-1.0.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update containers-common-1-27.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update crit-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update criu-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update criu-debugsource-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update criu-devel-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update criu-libs-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update crun-1.4.4-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update crun-debugsource-1.4.4-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update fuse-overlayfs-1.8.2-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update fuse-overlayfs-debugsource-1.8.2-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update libslirp-4.4.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update libslirp-debugsource-4.4.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update libslirp-devel-4.4.0-1.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update netavark-1.0.1-27.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update oci-seccomp-bpf-hook-1.2.3-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-catatonit-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-debugsource-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-docker-4.0.2-6.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-gvproxy-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-plugins-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-remote-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update podman-tests-4.0.2-6.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update python3-criu-3.15-3.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update python3-podman-4.0.0-1.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update runc-1.0.3-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update runc-debugsource-1.0.3-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update skopeo-1.6.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update skopeo-debugsource-1.6.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update skopeo-tests-1.6.1-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update slirp4netns-1.1.8-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update slirp4netns-debugsource-1.1.8-2.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update toolbox-0.0.99.3-0.4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update toolbox-debugsource-0.0.99.3-0.4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update toolbox-tests-0.0.99.3-0.4.module+el8.6.0+14673+621cb8be.x86_64.rpm | Linux |
| (RHSA-2022:1762) container-tools:rhel8 security, bug fix, and enhancement update udica-0.2.6-2.module+el8.6.0+14673+621cb8be.noarch.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update buildah-1.19.9-3.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update buildah-debugsource-1.19.9-3.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update buildah-tests-1.19.9-3.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update cockpit-podman-29-2.module+el8.6.0+14874+64436299.noarch.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update conmon-2.0.26-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update conmon-debugsource-2.0.26-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update container-selinux-2.178.0-2.module+el8.6.0+14874+64436299.noarch.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update containernetworking-plugins-0.9.1-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update containers-common-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update crit-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update criu-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update criu-debugsource-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update crun-0.18-3.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update crun-debugsource-0.18-3.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update fuse-overlayfs-1.4.0-2.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update libslirp-4.3.1-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update libslirp-debugsource-4.3.1-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update libslirp-devel-4.3.1-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update podman-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update podman-catatonit-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update podman-debugsource-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update podman-docker-3.0.1-9.module+el8.6.0+14874+64436299.noarch.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update podman-plugins-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update podman-remote-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update podman-tests-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update python3-criu-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update runc-1.0.0-73.rc95.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update skopeo-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update skopeo-debugsource-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update skopeo-tests-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update slirp4netns-1.1.8-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update toolbox-tests-0.0.99.3-1.module+el8.6.0+14874+64436299.x86_64.rpm | Linux |
| (RHSA-2022:2143) container-tools:3.0 security update udica-0.2.4-1.module+el8.6.0+14874+64436299.noarch.rpm | Linux |
| Buildah update (ELSA-2022-2143) buildah-1.19.9-3.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Buildah-tests update (ELSA-2022-2143) buildah-tests-1.19.9-3.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Cockpit-podman update (ELSA-2022-2143) cockpit-podman-29-2.module+el8.6.0+20668+bfa6216f.noarch.rpm | Linux |
| Conmon update (ELSA-2022-2143) conmon-2.0.26-1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Container-selinux update (ELSA-2022-2143) container-selinux-2.178.0-2.module+el8.6.0+20668+bfa6216f.noarch.rpm | Linux |
| Containernetworking-plugins update (ELSA-2022-2143) containernetworking-plugins-0.9.1-1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Containers-common update (ELSA-2022-2143) containers-common-1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Crit update (ELSA-2022-2143) crit-3.15-1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Criu update (ELSA-2022-2143) criu-3.15-1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Crun update (ELSA-2022-2143) crun-0.18-3.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Fuse-overlayfs update (ELSA-2022-2143) fuse-overlayfs-1.4.0-2.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Libslirp update (ELSA-2022-2143) libslirp-4.3.1-1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Libslirp-devel update (ELSA-2022-2143) libslirp-devel-4.3.1-1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Oci-seccomp-bpf-hook update (ELSA-2022-2143) oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Podman update (ELSA-2022-2143) podman-3.0.1-9.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Podman-catatonit update (ELSA-2022-2143) podman-catatonit-3.0.1-9.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Podman-docker update (ELSA-2022-2143) podman-docker-3.0.1-9.module+el8.6.0+20668+bfa6216f.noarch.rpm | Linux |
| Podman-plugins update (ELSA-2022-2143) podman-plugins-3.0.1-9.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Podman-remote update (ELSA-2022-2143) podman-remote-3.0.1-9.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Podman-tests update (ELSA-2022-2143) podman-tests-3.0.1-9.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Python3-criu update (ELSA-2022-2143) python3-criu-3.15-1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Runc update (ELSA-2022-2143) runc-1.0.0-73.rc95.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Skopeo update (ELSA-2022-2143) skopeo-1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Skopeo-tests update (ELSA-2022-2143) skopeo-tests-1.2.4-1.0.1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Slirp4netns update (ELSA-2022-2143) slirp4netns-1.1.8-1.module+el8.6.0+20668+bfa6216f.x86_64.rpm | Linux |
| Udica update (ELSA-2022-2143) udica-0.2.4-1.module+el8.6.0+20668+bfa6216f.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234