CVE-2024-11218

Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile

  • Severity Score: 8.6 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: Track* (SSVC)
Descriptions

A vulnerability was found in `podman build` and `buildah`. The issue allows a container breakout by using `--jobs=2` and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

This update for podman fixes the following issues:

  • github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library that can cause Denial of Service.
  • Load ip_tables and ip6_tables kernel modules. Required for rootless mode, as a regular user has no permission to load kernel modules.
  • Fixed cache arbitrary directory mount in buildah.
  • Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah.
  • cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library.
  • Fixed full container escape at build time in buildah.
  • Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile.
  • Refactor network backend dependencies. Podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it. This fixes missing cni-plugins in some scenarios.
  • Default to netavark everywhere where it's available.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2024-11-14 CVE Reserved
  • 2025-01-22 CVE Published
  • 2025-06-30 CVE Updated
  • 2025-07-23 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
CAPEC
References (31)
URL Date
https://access.redhat.com/security/cve/CVE-2024-11218 2025-01-22
https://bugzilla.redhat.com/show_bug.cgi?id=2326231 2025-01-22
https://access.redhat.com/errata/RHSA-2025:0830 2025-06-30
https://access.redhat.com/errata/RHSA-2025:0878 2025-06-30
https://access.redhat.com/errata/RHSA-2025:0922 2025-06-30
https://access.redhat.com/errata/RHSA-2025:0923 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1186 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1187 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1188 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1189 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1207 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1275 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1295 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1296 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1372 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1453 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1707 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1713 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1908 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1910 2025-06-30
https://access.redhat.com/errata/RHSA-2025:1914 2025-06-30
https://access.redhat.com/errata/RHSA-2025:2441 2025-06-30
https://access.redhat.com/errata/RHSA-2025:2443 2025-06-30
https://access.redhat.com/errata/RHSA-2025:2454 2025-06-30
https://access.redhat.com/errata/RHSA-2025:2456 2025-06-30
https://access.redhat.com/errata/RHSA-2025:2701 2025-06-30
https://access.redhat.com/errata/RHSA-2025:2703 2025-06-30
https://access.redhat.com/errata/RHSA-2025:2710 2025-06-30
https://access.redhat.com/errata/RHSA-2025:2712 2025-06-30
https://access.redhat.com/errata/RHSA-2025:3577 2025-06-30
https://access.redhat.com/errata/RHSA-2025:3798 2025-06-30
Affected Vendors, Products, and Versions
Vendor / Product / Version / Status
  • Oracle / Linux / *- / Affected
  • Red Hat / Enterprise Linux / *- / Affected
  • Redhat / Enterprise Linux / *- / Affected
  • Redhat / Openshift / *- / Affected
  • Redhat / Openshift Ironic / *- / Affected
  • Redhat / Rhel Aus / *- / Affected
  • Redhat / Rhel E4s / *- / Affected
  • Redhat / Rhel Eus / *- / Affected
  • Redhat / Rhel Tus / *- / Affected

Vendor / Product / Version / Status
  • Alma / Linux / *- / Affected
  • Debian / Debian Linux / *- / Affected
  • Fedoraproject / Fedora / *- / Affected
  • Opensuse / Leap / *- / Affected
  • Oracle / Linux / *- / Affected
  • Redhat / Enterprise Linux / *- / Affected
  • Redhat / Openshift / *- / Affected
  • Redhat / Rhel Aus / *- / Affected
  • Redhat / Rhel E4s / *- / Affected
  • Redhat / Rhel Eus / *- / Affected
  • Redhat / Rhel Tus / *- / Affected
  • Rocky / Linux / *- / Affected
  • Suse / Packagehub / *- / Affected
  • Suse / Sle-module-containers / *- / Affected
  • Suse / Sle Hpc-espos / *- / Affected
  • Suse / Sle Hpc-ltss / *- / Affected
  • Suse / Sles-ltss / *- / Affected
  • Suse / Sles Sap / *- / Affected