CVE-2024-9676

Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE
PS

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

This update for podman fixes the following issues. Github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service Load ip_tables and ip6_tables kernel module Required for rootless mode as a regular user has no permission to load kernel modules. Fixed cache arbitrary directory mount in buildah. Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library. Fixed full container escape at build time in buildah. Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. Refactor network backend dependencies. Podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it. This fixes missing cni-plugins in some scenarios Default to netavark everywhere where it's available.

*Credits: Red Hat would like to thank Erik Sjölund (Upstream) for reporting this issue.

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-10-09 CVE Reserved
2024-10-15 CVE Published
2025-07-01 EPSS Updated
2025-07-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (20)

URL	Tag	Source
https://github.com/advisories/GHSA-wq2p-5pc6-wpgf

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2024:10289	2025-07-03
https://access.redhat.com/errata/RHSA-2024:8418	2025-07-03
https://access.redhat.com/errata/RHSA-2024:8428	2025-07-03
https://access.redhat.com/errata/RHSA-2024:8437	2025-07-03
https://access.redhat.com/errata/RHSA-2024:8686	2025-07-03
https://access.redhat.com/errata/RHSA-2024:8690	2025-07-03
https://access.redhat.com/errata/RHSA-2024:8694	2025-07-03
https://access.redhat.com/errata/RHSA-2024:8700	2025-07-03
https://access.redhat.com/errata/RHSA-2024:8984	2025-07-03
https://access.redhat.com/errata/RHSA-2024:9051	2025-07-03
https://access.redhat.com/errata/RHSA-2024:9454	2025-07-03
https://access.redhat.com/errata/RHSA-2024:9459	2025-07-03
https://access.redhat.com/errata/RHSA-2024:9926	2025-07-03
https://access.redhat.com/errata/RHSA-2025:0876	2025-07-03
https://access.redhat.com/errata/RHSA-2025:2454	2025-07-03
https://access.redhat.com/errata/RHSA-2025:2710	2025-07-03
https://access.redhat.com/errata/RHSA-2025:3301	2025-07-03
https://access.redhat.com/security/cve/CVE-2024-9676	2025-04-03
https://bugzilla.redhat.com/show_bug.cgi?id=2317467	2025-04-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Red Hat Search vendor "Red Hat"		Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Ocp Tools Search vendor "Redhat" for product "Ocp Tools"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform For Arm64 Search vendor "Redhat" for product "Openshift Container Platform For Arm64"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform For Ibm Z Search vendor "Redhat" for product "Openshift Container Platform For Ibm Z"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform For Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Linuxone"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Ironic Search vendor "Redhat" for product "Openshift Ironic"				*		-		Affected
Redhat Search vendor "Redhat"		Quay Search vendor "Redhat" for product "Quay"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Alma Search vendor "Alma"		Linux Search vendor "Alma" for product "Linux"				*		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				*		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				*		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				*		-		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Arm 64 Eus Search vendor "Redhat" for product "Enterprise Linux For Arm 64 Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Rocky Search vendor "Rocky"		Linux Search vendor "Rocky" for product "Linux"				*		-		Affected
Suse Search vendor "Suse"		Sle-module-containers Search vendor "Suse" for product "Sle-module-containers"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc Search vendor "Suse" for product "Sle Hpc"				*		-		Affected
Suse Search vendor "Suse"		Sles-ltss Search vendor "Suse" for product "Sles-ltss"				*		-		Affected
Suse Search vendor "Suse"		Sles Search vendor "Suse" for product "Sles"				*		-		Affected
Suse Search vendor "Suse"		Sles Sap Search vendor "Suse" for product "Sles Sap"				*		-		Affected