CVE-2024-11218

Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile

Description

A vulnerability was found in `podman build` and `buildah`. A malicious Containerfile built with `--jobs=2` (which runs build stages in parallel) can win a race condition and break out of the build container onto the host. SELinux might mitigate it, but even with SELinux enforcing, the flaw still allows enumeration of files and directories on the host.

Remediation

Workaround:

  • Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled. SELinux confines the build process (e.g., Podman) to specific domains such as container_t, which prevents unauthorized access to sensitive host files and directories even if a malicious Containerfile tries to exploit the --mount flag. This is a mitigation, not a fix: as noted in the description, file and directory names on the host can still be enumerated with SELinux enforcing, so the vendor updates listed under References should still be applied.
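The workaround above only helps when SELinux is actually enforcing, and the description names `--jobs=2` plus a Containerfile using `--mount` as the trigger. The following pre-build triage script is an added example written for this page; it is not part of the advisory, Podman or Buildah. It assumes a POSIX sh with grep, treats `getenforce` as optional (absent on non-SELinux hosts), and the triage policy (flag any `RUN --mount=type=bind` from an untrusted build context, flag a parallel build, report the MAC state) is the editor's, derived from the advisory text rather than a vendor recommendation.

```shell
#!/bin/sh
# Added example for CVE-2024-11218 triage; not from the advisory or the projects.
# Assumptions: POSIX sh, grep, optional getenforce. Policy below is the editor's.

# Report the host MAC state. The advisory's workaround relies on SELinux
# confining the build; anything other than "Enforcing" means it does not apply.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce
    else
        echo "Unavailable"
    fi
}

# Count RUN instructions carrying --mount=type=bind in a Containerfile.
# --mount flags must directly follow RUN, so they sit on the RUN line itself
# even when the command is continued with a backslash. Instruction names are
# case-insensitive in Containerfiles, hence -i. Matching lines go to stderr,
# the count to stdout (grep -c prints 0 but exits 1 on no match, so || true).
count_bind_mounts() {
    file="$1"
    grep -iE '^[[:space:]]*RUN[[:space:]].*--mount=type=bind' "$file" >&2 || true
    grep -ciE '^[[:space:]]*RUN[[:space:]].*--mount=type=bind' "$file" || true
}

# triage FILE [JOBS]: returns 0 when the Containerfile has no bind mounts,
# 1 when it does and needs human review before building. JOBS is the value
# that would be passed to podman build --jobs (assumed 1 when omitted).
triage() {
    file="$1"
    jobs="${2:-1}"
    n=$(count_bind_mounts "$file")
    mode=$(selinux_mode)
    if [ "$n" -eq 0 ]; then
        echo "OK: no RUN --mount=type=bind instructions in $file"
        return 0
    fi
    echo "REVIEW: $n RUN --mount=type=bind instruction(s) in $file"
    if [ "$jobs" -gt 1 ]; then
        echo "  parallel build requested (--jobs=$jobs): the trigger named in the advisory"
    fi
    if [ "$mode" != "Enforcing" ]; then
        echo "  SELinux mode is '$mode': the SELinux workaround does not apply"
    else
        echo "  SELinux is enforcing: host file names may still be enumerable"
    fi
    return 1
}

# Usage: run against a constructed Containerfile (sample content, not from the advisory)
if [ "${0##*/}" = "triage.sh" ]; then
    tmp=$(mktemp)
    printf 'FROM alpine\nRUN --mount=type=bind,source=.,target=/src ls /src\nRUN echo hi\n' > "$tmp"
    triage "$tmp" 2
    rm -f "$tmp"
fi
```

Run it as `triage.sh` (or source it and call `triage path/to/Containerfile "$JOBS"`) in CI before any build of third-party Containerfiles; a non-zero exit should gate the build on manual review rather than silently continuing.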

Category

CVSS 3.1 base score: 8.6
Severity: High
EPSS: 0.02%
Vendor Advisory: redhat.com
Affected: Red Hat Enterprise Linux 8
Affected: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Affected: Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Affected: Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Affected: Red Hat Enterprise Linux 8.8 Extended Update Support
Affected: Red Hat Enterprise Linux 9
Affected: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Affected: Red Hat Enterprise Linux 9.2 Extended Update Support
Affected: Red Hat Enterprise Linux 9.4 Extended Update Support
Affected: Red Hat OpenShift Container Platform 4.12
Affected: Red Hat OpenShift Container Platform 4.13
Affected: Red Hat OpenShift Container Platform 4.14
Affected: Red Hat OpenShift Container Platform 4.15
Affected: Red Hat OpenShift Container Platform 4.16
Affected: Red Hat OpenShift Container Platform 4.17
Affected: Red Hat OpenShift Container Platform 4.18

References

Link Tags
https://access.redhat.com/errata/RHSA-2025:0830 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0878 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0922 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0923 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1186 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1187 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1188 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1189 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1207 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1275 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1295 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1296 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1372 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1453 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1707 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1713 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1908 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1910 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1914 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2441 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2443 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2454 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2456 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2701 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2703 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2710 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2712 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3577 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3798 vendor advisory
https://access.redhat.com/security/cve/CVE-2024-11218 vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2326231 issue tracking

Frequently Asked Questions

What is the severity of CVE-2024-11218?
CVE-2024-11218 has been scored as a high severity vulnerability.
How to fix CVE-2024-11218?
As a workaround for CVE-2024-11218: mandatory access controls should limit the access of the process performing the build, on systems where they are enabled. SELinux confines the build process (e.g., Podman) to specific domains such as container_t, which prevents unauthorized access to sensitive host files and directories even if a malicious Containerfile tries to exploit the --mount flag. Because host file and directory names can still be enumerated with SELinux enforcing, this is a mitigation only; apply the vendor updates listed under References to fix the issue.
Is CVE-2024-11218 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2024-11218 is being actively exploited. According to its EPSS score (0.02%), there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-11218?
CVE-2024-11218 affects Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Enterprise Linux 9.4 Extended Update Support, and Red Hat OpenShift Container Platform 4.12, 4.13, 4.14, 4.15, 4.16, 4.17 and 4.18.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.