CVE-2024-9676

Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)

Description

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Remediation

Workaround:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2024:10289	vendor advisory
https://access.redhat.com/errata/RHSA-2024:8418	vendor advisory
https://access.redhat.com/errata/RHSA-2024:8428	vendor advisory
https://access.redhat.com/errata/RHSA-2024:8437	vendor advisory
https://access.redhat.com/errata/RHSA-2024:8686	vendor advisory
https://access.redhat.com/errata/RHSA-2024:8690	vendor advisory
https://access.redhat.com/errata/RHSA-2024:8694	vendor advisory
https://access.redhat.com/errata/RHSA-2024:8700	vendor advisory
https://access.redhat.com/errata/RHSA-2024:8984	vendor advisory
https://access.redhat.com/errata/RHSA-2024:9051	vendor advisory
https://access.redhat.com/errata/RHSA-2024:9454	vendor advisory
https://access.redhat.com/errata/RHSA-2024:9459	vendor advisory
https://access.redhat.com/errata/RHSA-2024:9926	vendor advisory
https://access.redhat.com/errata/RHSA-2025:0876	vendor advisory
https://access.redhat.com/errata/RHSA-2025:2454	vendor advisory
https://access.redhat.com/errata/RHSA-2025:2710	vendor advisory
https://access.redhat.com/errata/RHSA-2025:3301	vendor advisory
https://access.redhat.com/security/cve/CVE-2024-9676	vdb entry vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2317467	issue tracking
https://github.com/advisories/GHSA-wq2p-5pc6-wpgf	third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-9676?: CVE-2024-9676 has been scored as a medium severity vulnerability.
How to fix CVE-2024-9676?: As a workaround for remediating CVE-2024-9676: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Is CVE-2024-9676 being actively exploited in the wild?: It is possible that CVE-2024-9676 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9676?: CVE-2024-9676 affects Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support, Red Hat Red Hat OpenShift Container Platform 4.12, Red Hat Red Hat OpenShift Container Platform 4.13, Red Hat Red Hat OpenShift Container Platform 4.14, Red Hat Red Hat OpenShift Container Platform 4.14, Red Hat Red Hat OpenShift Container Platform 4.15, Red Hat Red Hat OpenShift Container Platform 4.15, Red Hat Red Hat OpenShift Container Platform 4.16, Red Hat Red Hat OpenShift Container Platform 4.16, Red Hat Red Hat OpenShift Container Platform 4.16, Red Hat Red Hat OpenShift Container Platform 4.17, Red Hat Red Hat OpenShift Container Platform 4.17, Red Hat Red Hat OpenShift Container Platform 4.17, Red Hat OpenShift Developer Tools and Services, Red Hat OpenShift Developer Tools and Services, Red Hat OpenShift Developer Tools and Services, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat Quay 3.

Description

Remediation

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions