CVE-2024-11218

Summary

A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using –jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

Affected Software

VendorProductVersion RangeStatus
0 < 1.33.12affected
1.35.0 < 1.35.5affected
1.37.0 < 1.37.6affected
1.38.0 < 1.38.1affected
Red HatRed Hat Enterprise Linux 88100020250124120243.afee755d < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support8060020250203202123.3b538bd8 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service8060020250203202123.3b538bd8 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions8060020250203202123.3b538bd8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support8080020250207173112.0f77c1b7 < *unaffected
Red HatRed Hat Enterprise Linux 94:5.2.2-13.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 92:1.37.6-1.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions2:4.2.0-6.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions1:1.26.9-1.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support1:1.29.5-1.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support2:4.4.1-22.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support2:1.33.12-2.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support4:4.9.4-17.el9_4 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.12412.86.202503052321-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.123:4.2.0-13.rhaos4.12.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.131:1.29.5-1.rhaos4.13.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.133:4.4.1-16.rhaos4.13.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.13413.92.202503112237-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.143:4.4.1-22.rhaos4.14.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.141:1.29.5-1.rhaos4.14.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14414.92.202503100617-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.141:1.29.5-1.rhaos4.14.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.153:4.4.1-33.rhaos4.15.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.151:1.29.5-1.rhaos4.15.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15415.92.202503060749-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.151:1.29.5-1.rhaos4.15.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.164:4.9.4-13.rhaos4.16.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.162:1.33.12-1.rhaos4.16.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16416.94.202502180249-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.162:1.33.12-1.rhaos4.16.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.175:5.2.2-2.rhaos4.17.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.172:1.33.12-1.rhaos4.17.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.172:1.33.12-1.rhaos4.17.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17417.94.202504080421-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.182:1.33.12-1.rhaos4.18.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18418.94.202504021150-0 < *unaffected

Weaknesses

  • CWE-269: Improper Privilege Management

Workarounds

Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled.

SELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the –mount flag.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References