A vulnerability was found in `podman build` and `buildah`. It allows a container breakout through a race condition when a malicious Containerfile is built with `--jobs=2`. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Fixes

Solution

No solution given by the vendor.


Workaround

Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled. SELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the --mount flag.

References
https://access.redhat.com/errata/RHSA-2025:0830
https://access.redhat.com/errata/RHSA-2025:0878
https://access.redhat.com/errata/RHSA-2025:0922
https://access.redhat.com/errata/RHSA-2025:0923
https://access.redhat.com/errata/RHSA-2025:1186
https://access.redhat.com/errata/RHSA-2025:1187
https://access.redhat.com/errata/RHSA-2025:1188
https://access.redhat.com/errata/RHSA-2025:1189
https://access.redhat.com/errata/RHSA-2025:1207
https://access.redhat.com/errata/RHSA-2025:1275
https://access.redhat.com/errata/RHSA-2025:1295
https://access.redhat.com/errata/RHSA-2025:1296
https://access.redhat.com/errata/RHSA-2025:1372
https://access.redhat.com/errata/RHSA-2025:1453
https://access.redhat.com/errata/RHSA-2025:1707
https://access.redhat.com/errata/RHSA-2025:1713
https://access.redhat.com/errata/RHSA-2025:1908
https://access.redhat.com/errata/RHSA-2025:1910
https://access.redhat.com/errata/RHSA-2025:1914
https://access.redhat.com/errata/RHSA-2025:2441
https://access.redhat.com/errata/RHSA-2025:2443
https://access.redhat.com/errata/RHSA-2025:2454
https://access.redhat.com/errata/RHSA-2025:2456
https://access.redhat.com/errata/RHSA-2025:2701
https://access.redhat.com/errata/RHSA-2025:2703
https://access.redhat.com/errata/RHSA-2025:2710
https://access.redhat.com/errata/RHSA-2025:2712
https://access.redhat.com/errata/RHSA-2025:3577
https://access.redhat.com/errata/RHSA-2025:3798
https://access.redhat.com/security/cve/CVE-2024-11218
https://bugzilla.redhat.com/show_bug.cgi?id=2326231
https://nvd.nist.gov/vuln/detail/CVE-2024-11218
https://www.cve.org/CVERecord?id=CVE-2024-11218
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0004}

epss

{'score': 0.00043}


Mon, 30 Jun 2025 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Thu, 08 May 2025 09:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4

Wed, 16 Apr 2025 19:00:00 +0000

Type Values Removed Values Added
References

Thu, 10 Apr 2025 13:00:00 +0000

Type Values Removed Values Added
References

Thu, 20 Mar 2025 07:30:00 +0000

Type Values Removed Values Added
References

Thu, 20 Mar 2025 07:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el8
cpe:/a:redhat:openshift:4.13::el9
References

Wed, 19 Mar 2025 23:15:00 +0000

Type Values Removed Values Added
References

Wed, 19 Mar 2025 21:45:00 +0000

Type Values Removed Values Added
References

Thu, 13 Mar 2025 17:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Mar 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
cpe:/a:redhat:openshift:4.12::el9
References

Thu, 13 Mar 2025 06:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Mar 2025 06:00:00 +0000

Type Values Removed Values Added
References

Wed, 05 Mar 2025 05:45:00 +0000

Type Values Removed Values Added
References

Wed, 05 Mar 2025 04:45:00 +0000

Type Values Removed Values Added
References

Tue, 04 Mar 2025 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.18::el8
cpe:/a:redhat:openshift:4.18::el9
References

Thu, 27 Feb 2025 05:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el8
cpe:/a:redhat:openshift:4.15::el9
References

Thu, 27 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
References

Thu, 20 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8
cpe:/a:redhat:openshift:4.14::el9
References

Fri, 14 Feb 2025 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 13 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
References

Thu, 13 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.6

Wed, 12 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 11 Feb 2025 12:15:00 +0000

Type Values Removed Values Added
References

Tue, 11 Feb 2025 11:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.2::appstream
References

Tue, 11 Feb 2025 08:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:8.8::appstream
References

Mon, 10 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel Tus
References

Mon, 10 Feb 2025 06:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Ironic
CPEs cpe:/a:redhat:openshift:4.16::el8
cpe:/a:redhat:openshift:4.16::el9
cpe:/a:redhat:openshift_ironic:4.16::el9
Vendors & Products Redhat openshift Ironic
References

Mon, 10 Feb 2025 06:00:00 +0000


Mon, 10 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Mon, 10 Feb 2025 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products Redhat rhel E4s
References

Thu, 06 Feb 2025 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el8
cpe:/a:redhat:openshift:4.17::el9
References

Tue, 04 Feb 2025 09:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9
References

Tue, 04 Feb 2025 01:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
References

Wed, 22 Jan 2025 13:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Wed, 22 Jan 2025 05:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Title Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-269
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T19:24:49.384Z

Reserved: 2024-11-14T13:11:49.476Z

Link: CVE-2024-11218

Vulnrichment

Updated: 2025-02-12T17:08:18.179Z

NVD

Status: Awaiting Analysis

Published: 2025-01-22T05:15:08.903

Modified: 2025-04-16T19:15:50.680

Link: CVE-2024-11218

Redhat

Severity: Important

Public Date: 2025-01-20T00:00:00Z

Links: CVE-2024-11218 - Bugzilla

OpenCVE Enrichment

No data.