A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject3435Podman Project Podman
APPPodman Project< 4.0.0Psgo Project Psgo
APPPsgo Project< 1.7.2Red Hat Developer Tools
APPRedhat1.0Red Hat Enterprise Linux
OSRedhat7.08.0Red Hat Enterprise Linux Eus
OSRedhat8.6Red Hat Enterprise Linux For IBM Z Systems
OSRedhat7.08.6Red Hat Enterprise Linux For Power Little Endian
OSRedhat7.08.6Red Hat Enterprise Linux Server
OSRedhat7.0Red Hat Enterprise Linux Server Aus
OSRedhat8.6Red Hat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
OSRedhat8.6Red Hat Enterprise Linux Server Tus
OSRedhat8.6Red Hat Enterprise Linux Server Update Services For Sap Solutions
APPRedhat8.6Red Hat Enterprise Linux Workstation
OSRedhat7.0Red Hat OpenShift Container Platform
APPRedhat4.0Red Hat Quay
APPRedhat3.0.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPEDoS
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox