What is CVE-2022-4318?

CVE-2022-4318 is a vulnerability found in cri-o that allows the addition of arbitrary lines into /etc/passwd.

What is the impact of CVE-2022-4318?

The impact of CVE-2022-4318 is the ability to add entries to a container's /etc/passwd by crafting an environment variable with newlines.

How can the admission validation of username/UID be circumvented in CVE-2022-4318?

Admission validation of username/UID can be circumvented in CVE-2022-4318 by adding an entry with newlines to the container's /etc/passwd.

Which software versions are affected by CVE-2022-4318?

The software versions affected by CVE-2022-4318 include cri-o 1.26.0, Kubernetes Cri-o, Redhat Openshift Container Platform, Redhat Enterprise Linux, Fedoraproject Extra Packages For Enterprise Linux, and Fedoraproject Fedora.

What is the severity of CVE-2022-4318?

CVE-2022-4318 has a severity rating of 7.8 (high).

Vulnerability/
CVE-2022-4318

high

7.8

CWE

913 538

12/12/2022

29/12/2022

25/9/2023

3/8/2024

CVE-2022-4318: Cri-o: /etc/passwd tampering privesc

First published: Mon Dec 12 2022(Updated: )

### Impact It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry. Note: because the pod author is in control of the container's /etc/passwd, this is not considered a new risk factor. However, this advisory is being opened for transparency and as a way of tracking fixes. ### Patches 1.26.0 will have the fix. More patches will be posted as they're available. ### Workarounds Additional security controls like SELinux should prevent any damage a container is able to do with root on the host. Using SELinux is recommended because this class of attack is already possible by manually editing the container's /etc/passwd ### References

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/cri-o	<0:1.24.4-10.rhaos4.11.git1ed5ac5.el8	0:1.24.4-10.rhaos4.11.git1ed5ac5.el8
redhat/cri-o	<0:1.25.2-10.rhaos4.12.git0a083f9.el8	0:1.25.2-10.rhaos4.12.git0a083f9.el8
go/github.com/cri-o/cri-o	<1.26.0	1.26.0
CRI-O
All of
Any of
Red Hat OpenShift Container Platform	=4.12
Red Hat OpenShift Container Platform	=4.12
Red Hat OpenShift Container Platform for Power	=4.12
Red Hat OpenShift Container Platform	=4.12
Red Hat Enterprise Linux	=8.0
All of
Any of
Red Hat OpenShift Container Platform	=4.12
Red Hat OpenShift Container Platform	=4.12
Red Hat OpenShift Container Platform for Power	=4.12
Red Hat OpenShift Container Platform	=4.12
Red Hat Enterprise Linux	=9.0
Fedora EPEL	=8.0
Fedora	=36
Fedora	=37
All of
Any of
Red Hat OpenShift Container Platform	=4.11
Red Hat OpenShift Container Platform	=4.11
Red Hat OpenShift Container Platform for Power	=4.11
Red Hat OpenShift Container Platform	=4.11
Red Hat Enterprise Linux	=8.0
Red Hat OpenShift Container Platform	=4.12
Red Hat OpenShift Container Platform	=4.12
Red Hat OpenShift Container Platform for Power	=4.12
Red Hat OpenShift Container Platform	=4.12
Red Hat Enterprise Linux	=8.0
Red Hat Enterprise Linux	=9.0
Red Hat OpenShift Container Platform	=4.11
Red Hat OpenShift Container Platform	=4.11
Red Hat OpenShift Container Platform for Power	=4.11
Red Hat OpenShift Container Platform	=4.11

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-4318?
CVE-2022-4318 is a vulnerability found in cri-o that allows the addition of arbitrary lines into /etc/passwd.
What is the impact of CVE-2022-4318?
The impact of CVE-2022-4318 is the ability to add entries to a container's /etc/passwd by crafting an environment variable with newlines.
How can the admission validation of username/UID be circumvented in CVE-2022-4318?
Admission validation of username/UID can be circumvented in CVE-2022-4318 by adding an entry with newlines to the container's /etc/passwd.
Which software versions are affected by CVE-2022-4318?
The software versions affected by CVE-2022-4318 include cri-o 1.26.0, Kubernetes Cri-o, Redhat Openshift Container Platform, Redhat Enterprise Linux, Fedoraproject Extra Packages For Enterprise Linux, and Fedoraproject Fedora.
What is the severity of CVE-2022-4318?
CVE-2022-4318 has a severity rating of 7.8 (high).

collector/redhat-cve
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-4318
agent/weakness
agent/references
agent/author
agent/severity
agent/title
agent/description
collector/github-advisory-latest
source/GitHub
alias/GHSA-cm9x-c3rh-7rc4
agent/software-canonical-lookup
agent/event
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
collector/nvd-index
package-manager/redhat
package-manager/go
vendor/kubernetes
canonical/cri-o
vendor/redhat
canonical/red hat openshift container platform
version/red hat openshift container platform/4.12
canonical/red hat openshift container platform for power
version/red hat openshift container platform for power/4.12
canonical/red hat enterprise linux
version/red hat enterprise linux/8.0
version/red hat enterprise linux/9.0
vendor/fedoraproject
canonical/fedora epel
version/fedora epel/8.0
canonical/fedora
version/fedora/36
version/fedora/37
version/red hat openshift container platform/4.11
version/red hat openshift container platform for power/4.11