CVE-2024-11218 - Vulnerability Details

CVE-2024-11218 - Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile

A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00063.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Openshift Openshift Ironic Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
container-tools:rhel8-8100020250124120243.afee755d	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1372	2025-02-13T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
container-tools:rhel8-8060020250203202123.3b538bd8	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1207	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
container-tools:rhel8-8060020250203202123.3b538bd8	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1207	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
container-tools:rhel8-8060020250203202123.3b538bd8	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1207	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
container-tools:rhel8-8080020250207173112.0f77c1b7	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1275	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9
podman-4:5.2.2-13.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:0922	2025-02-04T00:00:00Z
buildah-2:1.37.6-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:0923	2025-02-04T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
podman-2:4.2.0-6.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1186	2025-02-10T00:00:00Z
buildah-1:1.26.9-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1187	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
buildah-1:1.29.5-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1295	2025-02-11T00:00:00Z
podman-2:4.4.1-22.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1296	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
buildah-2:1.33.12-2.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1188	2025-02-10T00:00:00Z
podman-4:4.9.4-17.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1189	2025-02-10T00:00:00Z
Red Hat OpenShift Container Platform 4.12
rhcos-412.86.202503052321-0	cpe:/a:redhat:openshift:4.12::el8	RHSA-2025:2441	2025-03-13T00:00:00Z
podman-3:4.2.0-13.rhaos4.12.el9	cpe:/a:redhat:openshift:4.12::el8	RHSA-2025:2443	2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.13
buildah-1:1.29.5-1.rhaos4.13.el9	cpe:/a:redhat:openshift:4.13::el8	RHSA-2025:2703	2025-03-20T00:00:00Z
podman-3:4.4.1-17.rhaos4.13.el9	cpe:/a:redhat:openshift:4.13::el8	RHSA-2025:2703	2025-03-20T00:00:00Z
rhcos-413.92.202503112237-0	cpe:/a:redhat:openshift:4.13::el9	RHSA-2025:2701	2025-03-20T00:00:00Z
Red Hat OpenShift Container Platform 4.14
podman-3:4.4.1-22.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2025:1453	2025-02-19T00:00:00Z
buildah-1:1.29.5-1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2025:2712	2025-03-19T00:00:00Z
rhcos-414.92.202503100617-0	cpe:/a:redhat:openshift:4.14::el9	RHSA-2025:2710	2025-03-19T00:00:00Z
Red Hat OpenShift Container Platform 4.15
podman-3:4.4.1-33.rhaos4.15.el9	cpe:/a:redhat:openshift:4.15::el8	RHSA-2025:1713	2025-02-27T00:00:00Z
buildah-1:1.29.5-1.rhaos4.15.el9	cpe:/a:redhat:openshift:4.15::el8	RHSA-2025:2456	2025-03-13T00:00:00Z
rhcos-415.92.202503060749-0	cpe:/a:redhat:openshift:4.15::el9	RHSA-2025:2454	2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.16
podman-4:4.9.4-13.rhaos4.16.el8	cpe:/a:redhat:openshift:4.16::el8	RHSA-2025:0830	2025-02-10T00:00:00Z
buildah-2:1.33.12-1.rhaos4.16.el8	cpe:/a:redhat:openshift:4.16::el8	RHSA-2025:1910	2025-03-05T00:00:00Z
rhcos-416.94.202502180249-0	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:1707	2025-02-27T00:00:00Z
Red Hat OpenShift Container Platform 4.17
podman-5:5.2.2-2.rhaos4.17.el8	cpe:/a:redhat:openshift:4.17::el8	RHSA-2025:0878	2025-02-05T00:00:00Z
buildah-2:1.33.12-1.rhaos4.17.el9	cpe:/a:redhat:openshift:4.17::el8	RHSA-2025:1914	2025-03-05T00:00:00Z
rhcos-417.94.202504080421-0	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:3798	2025-04-16T00:00:00Z
Red Hat OpenShift Container Platform 4.18
buildah-2:1.33.12-1.rhaos4.18.el9	cpe:/a:redhat:openshift:4.18::el9	RHSA-2025:1908	2025-03-04T00:00:00Z
rhcos-418.94.202504021150-0	cpe:/a:redhat:openshift:4.18::el9	RHSA-2025:3577	2025-04-10T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-0135	Buildah allows build breakout using malicious Containerfiles and concurrent builds
Github GHSA	GHSA-5vpc-35f4-r8w6	Buildah allows build breakout using malicious Containerfiles and concurrent builds

Fixes

Solution

No solution given by the vendor.

Workaround

Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled. SELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the --mount flag.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:0830
https://access.redhat.com/errata/RHSA-2025:0878
https://access.redhat.com/errata/RHSA-2025:0922
https://access.redhat.com/errata/RHSA-2025:0923
https://access.redhat.com/errata/RHSA-2025:1186
https://access.redhat.com/errata/RHSA-2025:1187
https://access.redhat.com/errata/RHSA-2025:1188
https://access.redhat.com/errata/RHSA-2025:1189
https://access.redhat.com/errata/RHSA-2025:1207
https://access.redhat.com/errata/RHSA-2025:1275
https://access.redhat.com/errata/RHSA-2025:1295
https://access.redhat.com/errata/RHSA-2025:1296
https://access.redhat.com/errata/RHSA-2025:1372
https://access.redhat.com/errata/RHSA-2025:1453
https://access.redhat.com/errata/RHSA-2025:1707
https://access.redhat.com/errata/RHSA-2025:1713
https://access.redhat.com/errata/RHSA-2025:1908
https://access.redhat.com/errata/RHSA-2025:1910
https://access.redhat.com/errata/RHSA-2025:1914
https://access.redhat.com/errata/RHSA-2025:2441
https://access.redhat.com/errata/RHSA-2025:2443
https://access.redhat.com/errata/RHSA-2025:2454
https://access.redhat.com/errata/RHSA-2025:2456
https://access.redhat.com/errata/RHSA-2025:2701
https://access.redhat.com/errata/RHSA-2025:2703
https://access.redhat.com/errata/RHSA-2025:2710
https://access.redhat.com/errata/RHSA-2025:2712
https://access.redhat.com/errata/RHSA-2025:3577
https://access.redhat.com/errata/RHSA-2025:3798
https://access.redhat.com/security/cve/CVE-2024-11218
https://bugzilla.redhat.com/show_bug.cgi?id=2326231
https://github.com/containers/buildah/pull/5918
https://nvd.nist.gov/vuln/detail/CVE-2024-11218
https://www.cve.org/CVERecord?id=CVE-2024-11218

History

Wed, 08 Oct 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4

Wed, 08 Oct 2025 14:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Thu, 02 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos
References		https://github.com/containers/buildah/pull/5918

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0004}`	epss `{'score': 0.00043}`

Mon, 30 Jun 2025 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Thu, 08 May 2025 09:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~

Wed, 16 Apr 2025 19:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:3798

Thu, 10 Apr 2025 13:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:3577

Thu, 20 Mar 2025 07:30:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:2703

Thu, 20 Mar 2025 07:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9
References		https://access.redhat.com/errata/RHSA-2025:2701

Wed, 19 Mar 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:2710

Wed, 19 Mar 2025 21:45:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:2712

Thu, 13 Mar 2025 17:30:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:2443

Thu, 13 Mar 2025 16:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.12::el8 cpe:/a:redhat:openshift:4.12::el9
References		https://access.redhat.com/errata/RHSA-2025:2441

Thu, 13 Mar 2025 06:30:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:2456

Thu, 13 Mar 2025 06:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:2454

Wed, 05 Mar 2025 05:45:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:1914

Wed, 05 Mar 2025 04:45:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:1910

Tue, 04 Mar 2025 17:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.18::el8 cpe:/a:redhat:openshift:4.18::el9
References		https://access.redhat.com/errata/RHSA-2025:1908

Thu, 27 Feb 2025 05:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9
References		https://access.redhat.com/errata/RHSA-2025:1713

Thu, 27 Feb 2025 01:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:1707

Thu, 20 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9
References		https://access.redhat.com/errata/RHSA-2025:1453

Fri, 14 Feb 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Thu, 13 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream
References		https://access.redhat.com/errata/RHSA-2025:1372

Thu, 13 Feb 2025 01:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.6

Wed, 12 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 11 Feb 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:1296

Tue, 11 Feb 2025 11:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.2::appstream
References		https://access.redhat.com/errata/RHSA-2025:1295

Tue, 11 Feb 2025 08:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8::appstream
References		https://access.redhat.com/errata/RHSA-2025:1275

Mon, 10 Feb 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products		Redhat rhel Aus Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:1207

Mon, 10 Feb 2025 06:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Ironic
CPEs		cpe:/a:redhat:openshift:4.16::el8 cpe:/a:redhat:openshift:4.16::el9 cpe:/a:redhat:openshift_ironic:4.16::el9
Vendors & Products		Redhat openshift Ironic
References		https://access.redhat.com/errata/RHSA-2025:0830

Mon, 10 Feb 2025 06:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:1186 https://access.redhat.com/errata/RHSA-2025:1188

Mon, 10 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:1189

Mon, 10 Feb 2025 01:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2025:1187

Thu, 06 Feb 2025 09:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el8 cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:0878

Tue, 04 Feb 2025 09:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~
References		https://access.redhat.com/errata/RHSA-2025:0923

Tue, 04 Feb 2025 01:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::appstream
References		https://access.redhat.com/errata/RHSA-2025:0922

Wed, 22 Jan 2025 13:45:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-11218 https://www.cve.org/CVERecord?id=CVE-2024-11218
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 22 Jan 2025 05:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Title		Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-269
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2024-11218 https://bugzilla.redhat.com/show_bug.cgi?id=2326231
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-01-22T04:55:30.649Z

Updated: 2025-10-08T14:24:59.911Z

Reserved: 2024-11-14T13:11:49.476Z

Link: CVE-2024-11218

Vulnrichment

Updated: 2025-02-12T17:08:18.179Z

NVD

Status : Awaiting Analysis

Published: 2025-01-22T05:15:08.903

Modified: 2025-10-02T00:15:28.633

Link: CVE-2024-11218

Redhat

Severity : Important

Publid Date: 2025-01-20T00:00:00Z

Links: CVE-2024-11218 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object