CVE-2024-9676

Summary

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (--userns=auto in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Affected Software

VendorProductVersion RangeStatus
0 < 1.55.1affected
Red HatRed Hat Enterprise Linux 88100020241101101019.afee755d < *unaffected
Red HatRed Hat Enterprise Linux 94:4.9.4-16.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 94:5.2.2-9.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 92:1.37.5-1.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support2:1.33.11-1.el9_4 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.120:1.25.5-30.rhaos4.12.git53dc492.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.130:1.26.5-26.rhaos4.13.giteb3d487.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.140:1.27.8-12.rhaos4.14.git7597c43.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.150:1.28.11-5.rhaos4.15.git35a2431.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.160:1.29.9-6.rhaos4.16.gite7bd45a.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.164:4.9.4-12.rhaos4.16.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.170:1.30.6-6.rhaos4.17.git6ac6e96.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.175:5.2.2-1.rhaos4.17.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17v4.17.0-202501281204.p0.ga753153.assembly.stream.el9 < *unaffected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References