Bug 2326231 (CVE-2024-11218) - CVE-2024-11218 podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile
Summary: CVE-2024-11218 podman: buildah: Container breakout by using --jobs=2 and a ra...
Keywords:
Status: NEW
Alias: CVE-2024-11218
Deadline: 2025-01-20
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2341663 2341664
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-14 13:12 UTC by OSIDB Bzimport
Modified: 2025-04-16 17:46 UTC (History)
9 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:1444 0 None None None 2025-02-13 16:06:20 UTC
Red Hat Product Errata RHBA-2025:1624 0 None None None 2025-02-18 08:48:08 UTC
Red Hat Product Errata RHBA-2025:1626 0 None None None 2025-02-18 08:59:10 UTC
Red Hat Product Errata RHSA-2025:0830 0 None None None 2025-02-10 06:12:35 UTC
Red Hat Product Errata RHSA-2025:0878 0 None None None 2025-02-05 13:48:21 UTC
Red Hat Product Errata RHSA-2025:0922 0 None None None 2025-02-04 01:07:27 UTC
Red Hat Product Errata RHSA-2025:0923 0 None None None 2025-02-04 09:15:17 UTC
Red Hat Product Errata RHSA-2025:1186 0 None None None 2025-02-10 01:04:23 UTC
Red Hat Product Errata RHSA-2025:1187 0 None None None 2025-02-10 01:04:19 UTC
Red Hat Product Errata RHSA-2025:1188 0 None None None 2025-02-10 01:30:41 UTC
Red Hat Product Errata RHSA-2025:1189 0 None None None 2025-02-10 01:31:00 UTC
Red Hat Product Errata RHSA-2025:1207 0 None None None 2025-02-10 08:30:34 UTC
Red Hat Product Errata RHSA-2025:1275 0 None None None 2025-02-11 07:59:43 UTC
Red Hat Product Errata RHSA-2025:1295 0 None None None 2025-02-11 11:33:04 UTC
Red Hat Product Errata RHSA-2025:1296 0 None None None 2025-02-11 11:37:34 UTC
Red Hat Product Errata RHSA-2025:1372 0 None None None 2025-02-13 00:30:09 UTC
Red Hat Product Errata RHSA-2025:1453 0 None None None 2025-02-19 23:20:45 UTC
Red Hat Product Errata RHSA-2025:1707 0 None None None 2025-02-27 00:47:02 UTC
Red Hat Product Errata RHSA-2025:1713 0 None None None 2025-02-27 04:42:33 UTC
Red Hat Product Errata RHSA-2025:1908 0 None None None 2025-03-04 17:26:30 UTC
Red Hat Product Errata RHSA-2025:1910 0 None None None 2025-03-05 04:16:41 UTC
Red Hat Product Errata RHSA-2025:1914 0 None None None 2025-03-05 04:07:50 UTC
Red Hat Product Errata RHSA-2025:2441 0 None None None 2025-03-13 16:30:02 UTC
Red Hat Product Errata RHSA-2025:2443 0 None None None 2025-03-13 16:42:23 UTC
Red Hat Product Errata RHSA-2025:2454 0 None None None 2025-03-13 05:47:08 UTC
Red Hat Product Errata RHSA-2025:2456 0 None None None 2025-03-13 06:03:05 UTC
Red Hat Product Errata RHSA-2025:2701 0 None None None 2025-03-20 07:01:50 UTC
Red Hat Product Errata RHSA-2025:2703 0 None None None 2025-03-20 07:11:56 UTC
Red Hat Product Errata RHSA-2025:2710 0 None None None 2025-03-19 20:54:58 UTC
Red Hat Product Errata RHSA-2025:2712 0 None None None 2025-03-19 21:28:23 UTC
Red Hat Product Errata RHSA-2025:3577 0 None None None 2025-04-10 11:37:42 UTC
Red Hat Product Errata RHSA-2025:3798 0 None None None 2025-04-16 17:46:11 UTC

Description OSIDB Bzimport 2024-11-14 13:12:54 UTC 
A vulnerability was found in `podman build` and `buildah`. Container breakout by using --jobs=2 and race condition when building a malicious Containerfile. It might be mitigated by SELinux, but even with SELinux on it still allows enumeration of files and
directories on the host.
Comment 8 TEJ RATHI 2025-01-22 04:32:41 UTC 
Embargo lifted as this CVE is now public.

References:
https://github.com/advisories/GHSA-5vpc-35f4-r8w6
Comment 9 errata-xmlrpc 2025-02-04 01:07:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:0922 https://access.redhat.com/errata/RHSA-2025:0922
Comment 10 errata-xmlrpc 2025-02-04 09:15:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:0923 https://access.redhat.com/errata/RHSA-2025:0923
Comment 11 errata-xmlrpc 2025-02-05 13:48:20 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0878 https://access.redhat.com/errata/RHSA-2025:0878
Comment 12 errata-xmlrpc 2025-02-10 01:04:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1187 https://access.redhat.com/errata/RHSA-2025:1187
Comment 13 errata-xmlrpc 2025-02-10 01:04:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1186 https://access.redhat.com/errata/RHSA-2025:1186
Comment 14 errata-xmlrpc 2025-02-10 01:30:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1188 https://access.redhat.com/errata/RHSA-2025:1188
Comment 15 errata-xmlrpc 2025-02-10 01:30:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1189 https://access.redhat.com/errata/RHSA-2025:1189
Comment 16 errata-xmlrpc 2025-02-10 06:12:33 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:0830 https://access.redhat.com/errata/RHSA-2025:0830
Comment 17 errata-xmlrpc 2025-02-10 08:30:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1207 https://access.redhat.com/errata/RHSA-2025:1207
Comment 18 errata-xmlrpc 2025-02-11 07:59:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1275 https://access.redhat.com/errata/RHSA-2025:1275
Comment 19 errata-xmlrpc 2025-02-11 11:33:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1295 https://access.redhat.com/errata/RHSA-2025:1295
Comment 20 errata-xmlrpc 2025-02-11 11:37:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1296 https://access.redhat.com/errata/RHSA-2025:1296
Comment 21 errata-xmlrpc 2025-02-13 00:30:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1372 https://access.redhat.com/errata/RHSA-2025:1372
Comment 23 errata-xmlrpc 2025-02-19 23:20:43 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:1453 https://access.redhat.com/errata/RHSA-2025:1453
Comment 24 errata-xmlrpc 2025-02-27 00:47:00 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:1707 https://access.redhat.com/errata/RHSA-2025:1707
Comment 25 errata-xmlrpc 2025-02-27 04:42:32 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:1713 https://access.redhat.com/errata/RHSA-2025:1713
Comment 26 errata-xmlrpc 2025-03-04 17:26:29 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:1908 https://access.redhat.com/errata/RHSA-2025:1908
Comment 27 errata-xmlrpc 2025-03-05 04:07:49 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:1914 https://access.redhat.com/errata/RHSA-2025:1914
Comment 28 errata-xmlrpc 2025-03-05 04:16:40 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:1910 https://access.redhat.com/errata/RHSA-2025:1910
Comment 29 errata-xmlrpc 2025-03-13 05:47:07 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:2454 https://access.redhat.com/errata/RHSA-2025:2454
Comment 30 errata-xmlrpc 2025-03-13 06:03:03 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:2456 https://access.redhat.com/errata/RHSA-2025:2456
Comment 31 errata-xmlrpc 2025-03-13 16:30:01 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:2441 https://access.redhat.com/errata/RHSA-2025:2441
Comment 32 errata-xmlrpc 2025-03-13 16:42:22 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:2443 https://access.redhat.com/errata/RHSA-2025:2443
Comment 33 errata-xmlrpc 2025-03-19 20:54:57 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:2710 https://access.redhat.com/errata/RHSA-2025:2710
Comment 34 errata-xmlrpc 2025-03-19 21:28:22 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:2712 https://access.redhat.com/errata/RHSA-2025:2712
Comment 35 errata-xmlrpc 2025-03-20 07:01:49 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:2701 https://access.redhat.com/errata/RHSA-2025:2701
Comment 36 errata-xmlrpc 2025-03-20 07:11:54 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:2703 https://access.redhat.com/errata/RHSA-2025:2703
Comment 39 errata-xmlrpc 2025-04-10 11:37:40 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:3577 https://access.redhat.com/errata/RHSA-2025:3577
Comment 42 errata-xmlrpc 2025-04-16 17:46:10 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:3798 https://access.redhat.com/errata/RHSA-2025:3798
Note You need to log in before you can comment on or make changes to this bug.