When performing bind mounts as part of a build-time RUN step, the ‘source’ argument is not validated to ensure that it exists within the root filesystem. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Created buildah tracking bugs for this issue: Affects: fedora-all [bug 2270125] Created podman tracking bugs for this issue: Affects: fedora-all [bug 2270124]
removed buildah affects for openshift per comment on OCPBUGS-31004 and related openshift-4/buildah trackers
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2055 https://access.redhat.com/errata/RHSA-2024:2055
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:2064 https://access.redhat.com/errata/RHSA-2024:2064
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:2066 https://access.redhat.com/errata/RHSA-2024:2066
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:2077 https://access.redhat.com/errata/RHSA-2024:2077
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2084 https://access.redhat.com/errata/RHSA-2024:2084
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:2089 https://access.redhat.com/errata/RHSA-2024:2089
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2098 https://access.redhat.com/errata/RHSA-2024:2098
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:2645 https://access.redhat.com/errata/RHSA-2024:2645
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2049 https://access.redhat.com/errata/RHSA-2024:2049
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2669 https://access.redhat.com/errata/RHSA-2024:2669
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:2672 https://access.redhat.com/errata/RHSA-2024:2672