CVE-2024-11218
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using –jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 1.33.12 | affected | ||
1.35.0 < 1.35.5 | affected | ||
1.37.0 < 1.37.6 | affected | ||
1.38.0 < 1.38.1 | affected | ||
| Red Hat | Red Hat Enterprise Linux 8 | 8100020250124120243.afee755d < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 8060020250203202123.3b538bd8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 8060020250203202123.3b538bd8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 8060020250203202123.3b538bd8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020250207173112.0f77c1b7 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 4:5.2.2-13.el9_5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 2:1.37.6-1.el9_5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 2:4.2.0-6.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 1:1.26.9-1.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 1:1.29.5-1.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 2:4.4.1-22.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 2:1.33.12-2.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 4:4.9.4-17.el9_4 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 412.86.202503052321-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 3:4.2.0-13.rhaos4.12.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 1:1.29.5-1.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 3:4.4.1-16.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 413.92.202503112237-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 3:4.4.1-22.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 1:1.29.5-1.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 414.92.202503100617-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 1:1.29.5-1.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 3:4.4.1-33.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 1:1.29.5-1.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 415.92.202503060749-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 1:1.29.5-1.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 4:4.9.4-13.rhaos4.16.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 2:1.33.12-1.rhaos4.16.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 416.94.202502180249-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 2:1.33.12-1.rhaos4.16.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 5:5.2.2-2.rhaos4.17.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 2:1.33.12-1.rhaos4.17.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 2:1.33.12-1.rhaos4.17.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 417.94.202504080421-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | 2:1.33.12-1.rhaos4.18.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | 418.94.202504021150-0 < * | unaffected |
Weaknesses
- CWE-269: Improper Privilege Management
Workarounds
Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled.
SELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the –mount flag.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2025:0830
- https://access.redhat.com/errata/RHSA-2025:0878
- https://access.redhat.com/errata/RHSA-2025:0922
- https://access.redhat.com/errata/RHSA-2025:0923
- https://access.redhat.com/errata/RHSA-2025:1186
- https://access.redhat.com/errata/RHSA-2025:1187
- https://access.redhat.com/errata/RHSA-2025:1188
- https://access.redhat.com/errata/RHSA-2025:1189
- https://access.redhat.com/errata/RHSA-2025:1207
- https://access.redhat.com/errata/RHSA-2025:1275
- https://access.redhat.com/errata/RHSA-2025:1295
- https://access.redhat.com/errata/RHSA-2025:1296
- https://access.redhat.com/errata/RHSA-2025:1372
- https://access.redhat.com/errata/RHSA-2025:1453
- https://access.redhat.com/errata/RHSA-2025:1707
- https://access.redhat.com/errata/RHSA-2025:1713
- https://access.redhat.com/errata/RHSA-2025:1908
- https://access.redhat.com/errata/RHSA-2025:1910
- https://access.redhat.com/errata/RHSA-2025:1914
- https://access.redhat.com/errata/RHSA-2025:2441
- https://access.redhat.com/errata/RHSA-2025:2443
- https://access.redhat.com/errata/RHSA-2025:2454
- https://access.redhat.com/errata/RHSA-2025:2456
- https://access.redhat.com/errata/RHSA-2025:2701
- https://access.redhat.com/errata/RHSA-2025:2703
- https://access.redhat.com/errata/RHSA-2025:2710
- https://access.redhat.com/errata/RHSA-2025:2712
- https://access.redhat.com/errata/RHSA-2025:3577
- https://access.redhat.com/errata/RHSA-2025:3798
- https://access.redhat.com/security/cve/CVE-2024-11218
- https://bugzilla.redhat.com/show_bug.cgi?id=2326231
- https://github.com/containers/buildah/pull/5918
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.