A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
  • Openshift Ironic
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
container-tools:rhel8-8100020250124120243.afee755d cpe:/a:redhat:enterprise_linux:8 RHSA-2025:1372 2025-02-13T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
container-tools:rhel8-8060020250203202123.3b538bd8 cpe:/a:redhat:rhel_aus:8.6 RHSA-2025:1207 2025-02-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
container-tools:rhel8-8060020250203202123.3b538bd8 cpe:/a:redhat:rhel_tus:8.6 RHSA-2025:1207 2025-02-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
container-tools:rhel8-8060020250203202123.3b538bd8 cpe:/a:redhat:rhel_e4s:8.6 RHSA-2025:1207 2025-02-10T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
container-tools:rhel8-8080020250207173112.0f77c1b7 cpe:/a:redhat:rhel_eus:8.8 RHSA-2025:1275 2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9
podman-4:5.2.2-13.el9_5 cpe:/a:redhat:enterprise_linux:9 RHSA-2025:0922 2025-02-04T00:00:00Z
buildah-2:1.37.6-1.el9_5 cpe:/a:redhat:enterprise_linux:9 RHSA-2025:0923 2025-02-04T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
podman-2:4.2.0-6.el9_0 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2025:1186 2025-02-10T00:00:00Z
buildah-1:1.26.9-1.el9_0 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2025:1187 2025-02-10T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
buildah-1:1.29.5-1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2025:1295 2025-02-11T00:00:00Z
podman-2:4.4.1-22.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2025:1296 2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
buildah-2:1.33.12-2.el9_4 cpe:/a:redhat:rhel_eus:9.4 RHSA-2025:1188 2025-02-10T00:00:00Z
podman-4:4.9.4-17.el9_4 cpe:/a:redhat:rhel_eus:9.4 RHSA-2025:1189 2025-02-10T00:00:00Z
Red Hat OpenShift Container Platform 4.12
rhcos-412.86.202503052321-0 cpe:/a:redhat:openshift:4.12::el8 RHSA-2025:2441 2025-03-13T00:00:00Z
podman-3:4.2.0-13.rhaos4.12.el9 cpe:/a:redhat:openshift:4.12::el8 RHSA-2025:2443 2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.13
buildah-1:1.29.5-1.rhaos4.13.el9 cpe:/a:redhat:openshift:4.13::el8 RHSA-2025:2703 2025-03-20T00:00:00Z
podman-3:4.4.1-17.rhaos4.13.el9 cpe:/a:redhat:openshift:4.13::el8 RHSA-2025:2703 2025-03-20T00:00:00Z
rhcos-413.92.202503112237-0 cpe:/a:redhat:openshift:4.13::el9 RHSA-2025:2701 2025-03-20T00:00:00Z
Red Hat OpenShift Container Platform 4.14
podman-3:4.4.1-22.rhaos4.14.el9 cpe:/a:redhat:openshift:4.14::el8 RHSA-2025:1453 2025-02-19T00:00:00Z
buildah-1:1.29.5-1.rhaos4.14.el9 cpe:/a:redhat:openshift:4.14::el8 RHSA-2025:2712 2025-03-19T00:00:00Z
rhcos-414.92.202503100617-0 cpe:/a:redhat:openshift:4.14::el9 RHSA-2025:2710 2025-03-19T00:00:00Z
Red Hat OpenShift Container Platform 4.15
podman-3:4.4.1-33.rhaos4.15.el9 cpe:/a:redhat:openshift:4.15::el8 RHSA-2025:1713 2025-02-27T00:00:00Z
buildah-1:1.29.5-1.rhaos4.15.el9 cpe:/a:redhat:openshift:4.15::el8 RHSA-2025:2456 2025-03-13T00:00:00Z
rhcos-415.92.202503060749-0 cpe:/a:redhat:openshift:4.15::el9 RHSA-2025:2454 2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.16
podman-4:4.9.4-13.rhaos4.16.el8 cpe:/a:redhat:openshift:4.16::el8 RHSA-2025:0830 2025-02-10T00:00:00Z
buildah-2:1.33.12-1.rhaos4.16.el8 cpe:/a:redhat:openshift:4.16::el8 RHSA-2025:1910 2025-03-05T00:00:00Z
rhcos-416.94.202502180249-0 cpe:/a:redhat:openshift:4.16::el9 RHSA-2025:1707 2025-02-27T00:00:00Z
Red Hat OpenShift Container Platform 4.17
podman-5:5.2.2-2.rhaos4.17.el8 cpe:/a:redhat:openshift:4.17::el8 RHSA-2025:0878 2025-02-05T00:00:00Z
buildah-2:1.33.12-1.rhaos4.17.el9 cpe:/a:redhat:openshift:4.17::el8 RHSA-2025:1914 2025-03-05T00:00:00Z
rhcos-417.94.202504080421-0 cpe:/a:redhat:openshift:4.17::el9 RHSA-2025:3798 2025-04-16T00:00:00Z
Red Hat OpenShift Container Platform 4.18
buildah-2:1.33.12-1.rhaos4.18.el9 cpe:/a:redhat:openshift:4.18::el9 RHSA-2025:1908 2025-03-04T00:00:00Z
rhcos-418.94.202504021150-0 cpe:/a:redhat:openshift:4.18::el9 RHSA-2025:3577 2025-04-10T00:00:00Z

No data.

References
Link Providers
https://access.redhat.com/errata/RHSA-2025:0830 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:0878 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:0922 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:0923 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1186 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1187 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1188 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1189 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1207 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1275 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1295 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1296 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1372 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1453 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1707 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1713 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1908 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1910 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1914 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2441 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2443 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2454 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2456 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2701 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2703 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2710 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2712 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3577 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3798 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-11218 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2326231 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-11218 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-11218 cve-icon
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0004}

 epss

{'score': 0.00043}

Mon, 30 Jun 2025 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Thu, 08 May 2025 09:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4

Wed, 16 Apr 2025 19:00:00 +0000

Type Values Removed Values Added
References

Thu, 10 Apr 2025 13:00:00 +0000

Type Values Removed Values Added
References

Thu, 20 Mar 2025 07:30:00 +0000

Type Values Removed Values Added
References

Thu, 20 Mar 2025 07:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el8
cpe:/a:redhat:openshift:4.13::el9
References

Wed, 19 Mar 2025 23:15:00 +0000

Type Values Removed Values Added
References

Wed, 19 Mar 2025 21:45:00 +0000

Type Values Removed Values Added
References

Thu, 13 Mar 2025 17:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Mar 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
cpe:/a:redhat:openshift:4.12::el9
References

Thu, 13 Mar 2025 06:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Mar 2025 06:00:00 +0000

Type Values Removed Values Added
References

Wed, 05 Mar 2025 05:45:00 +0000

Type Values Removed Values Added
References

Wed, 05 Mar 2025 04:45:00 +0000

Type Values Removed Values Added
References

Tue, 04 Mar 2025 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.18::el8
cpe:/a:redhat:openshift:4.18::el9
References

Thu, 27 Feb 2025 05:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el8
cpe:/a:redhat:openshift:4.15::el9
References

Thu, 27 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
References

Thu, 20 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8
cpe:/a:redhat:openshift:4.14::el9
References

Fri, 14 Feb 2025 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 13 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
References

Thu, 13 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.6

Wed, 12 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 11 Feb 2025 12:15:00 +0000

Type Values Removed Values Added
References

Tue, 11 Feb 2025 11:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.2::appstream
References

Tue, 11 Feb 2025 08:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:8.8::appstream
References

Mon, 10 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel Tus
References

Mon, 10 Feb 2025 06:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Ironic
CPEs cpe:/a:redhat:openshift:4.16::el8
cpe:/a:redhat:openshift:4.16::el9
cpe:/a:redhat:openshift_ironic:4.16::el9
Vendors & Products Redhat openshift Ironic
References

Mon, 10 Feb 2025 06:00:00 +0000

Type Values Removed Values Added
References

Mon, 10 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Mon, 10 Feb 2025 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products Redhat rhel E4s
References

Thu, 06 Feb 2025 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el8
cpe:/a:redhat:openshift:4.17::el9
References

Tue, 04 Feb 2025 09:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9
References

Tue, 04 Feb 2025 01:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
References

Wed, 22 Jan 2025 13:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 22 Jan 2025 05:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Title Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-269
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-06T04:53:58.659Z

Reserved: 2024-11-14T13:11:49.476Z

Link: CVE-2024-11218

cve-icon Vulnrichment

Updated: 2025-02-12T17:08:18.179Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-01-22T05:15:08.903

Modified: 2025-04-16T19:15:50.680

Link: CVE-2024-11218

cve-icon Redhat

Severity : Important

Publid Date: 2025-01-20T00:00:00Z

Links: CVE-2024-11218 - Bugzilla

cve-icon OpenCVE Enrichment

No data.