CVE-2024-9676
Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
This update for podman fixes the following issues. Github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service Load ip_tables and ip6_tables kernel module Required for rootless mode as a regular user has no permission to load kernel modules. Fixed cache arbitrary directory mount in buildah. Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library. Fixed full container escape at build time in buildah. Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. Refactor network backend dependencies. Podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it. This fixes missing cni-plugins in some scenarios Default to netavark everywhere where it's available.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-10-09 CVE Reserved
- 2024-10-15 CVE Published
- 2025-07-01 EPSS Updated
- 2025-07-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (20)
URL | Tag | Source |
---|---|---|
https://github.com/advisories/GHSA-wq2p-5pc6-wpgf |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
Red Hat Search vendor "Red Hat" | Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Ocp Tools Search vendor "Redhat" for product "Ocp Tools" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform For Arm64 Search vendor "Redhat" for product "Openshift Container Platform For Arm64" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform For Ibm Z Search vendor "Redhat" for product "Openshift Container Platform For Ibm Z" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform For Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Ironic Search vendor "Redhat" for product "Openshift Ironic" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Quay Search vendor "Redhat" for product "Quay" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
Alma Search vendor "Alma" | Linux Search vendor "Alma" for product "Linux" | * | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | * | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Arm 64 Eus Search vendor "Redhat" for product "Enterprise Linux For Arm 64 Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
Rocky Search vendor "Rocky" | Linux Search vendor "Rocky" for product "Linux" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle-module-containers Search vendor "Suse" for product "Sle-module-containers" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
|