Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-1227

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Related bugs and status

CVE-2022-1227 (Candidate) is related to these bugs:

Bug #1971034: Several security issues in libpod 3.4.x

		In	Importance	Status
1971034	Several security issues in libpod 3.4.x	libpod (Ubuntu)	Undecided	Confirmed
1971034	Several security issues in libpod 3.4.x	libpod (Ubuntu Impish)	Undecided	Confirmed
1971034	Several security issues in libpod 3.4.x	libpod (Ubuntu Jammy)	Undecided	Confirmed
1971034	Several security issues in libpod 3.4.x	libpod (Ubuntu Kinetic)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: https://github.com/con...
FEDORA: FEDORA-2022-5e637f6cc6