Podman Command Injection Vulnerability in HyperV Machine Backend Allowing Arbitrary PowerShell Execution

A command injection vulnerability has been identified in Podman versions 4.8.0 through 5.8.1, specifically within the HyperV machine backend. The issue arises because the VM image path is incorporated into a PowerShell double-quoted string without proper sanitization. This flaw allows for subexpression injection, as PowerShell processes subexpressions in double-quoted strings before executing the command. Consequently, an attacker who can manipulate the VM image path through a crafted machine name or image directory could execute arbitrary PowerShell commands with the same privileges as the Podman process. On standard Windows installations, this could result in code execution at the SYSTEM level.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of PowerShell commands, with potential consequences of executing arbitrary code at the SYSTEM level on the affected Windows machine.

Remediation

Users can upgrade to Podman version 5.8.2 to address this vulnerability. The patch is specifically for the Windows HyperV backend, as the vulnerability does not exist on other operating systems.