CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-11218: Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile

Description

A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

Classification

CVE ID: CVE-2024-11218

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 8

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 19.56% (scored less or equal to compared to others)

EPSS Date: 2025-02-20 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2024-11218
https://bugzilla.redhat.com/show_bug.cgi?id=2326231

Timeline

2025-01-23 00:30:16 UTC
CVE

Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
2025-02-07 09:45:58 UTC
Tenable Plugins

RHEL 8 / 9 : OpenShift Container Platform 4.17.15 (RHSA-2025:0878)
2025-02-10 08:31:14 UTC
Tenable Plugins

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2025:0382-1)
2025-02-13 10:00:21 UTC
Tenable Plugins

RHEL 8 : container-tools:rhel8 (RHSA-2025:1372)
2025-02-20 10:15:18 UTC
Tenable Plugins

RHEL 8 / 9 : OpenShift Container Platform 4.14.48 (RHSA-2025:1453)
2025-02-27 11:00:27 UTC
Tenable Plugins

RHEL 8 / 9 : OpenShift Container Platform 4.15.46 (RHSA-2025:1713)