A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00064.

Exploitation poc

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
unaffected
Version Status Constraints
4.15.0 affected
Red Hat Red Hat Enterprise Linux 8 affected
Version Status Constraints
8090020240413110917.d7b6f4b7 unaffected < *
Red Hat Red Hat Enterprise Linux 8 affected
Version Status Constraints
8090020240417184044.e7857ab1 unaffected < *
Red Hat Red Hat Enterprise Linux 8 affected
Version Status Constraints
8100020240419145834.afee755d unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support affected
Version Status Constraints
8060020240422155330.3b538bd8 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support affected
Version Status Constraints
8060020240419071711.2e213529 unaffected < *
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support affected
Version Status Constraints
8080020240422101606.0f77c1b7 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
1:1.31.5-1.el9_3 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
4:4.9.4-3.el9_4 unaffected < *
Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support affected
Version Status Constraints
1:1.26.7-1.el9_0 unaffected < *
Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support affected
Version Status Constraints
2:4.2.0-3.el9_0 unaffected < *
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support affected
Version Status Constraints
1:1.29.3-1.el9_2 unaffected < *
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support affected
Version Status Constraints
2:4.4.1-16.el9_2 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.12 affected
Version Status Constraints
3:4.4.1-3.2.rhaos4.12.el8 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.13 affected
Version Status Constraints
3:4.4.1-5.3.rhaos4.13.el8 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.13 affected
Version Status Constraints
3:4.4.1-7.3.rhaos4.13.el8 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.14 affected
Version Status Constraints
3:4.4.1-13.4.rhaos4.14.el8 unaffected < *
Red Hat Red Hat OpenShift Container Platform 4.15 affected
Version Status Constraints
3:4.4.1-23.2.rhaos4.15.el9 unaffected < *
Red Hat Red Hat Enterprise Linux 7 unaffected
Red Hat Red Hat Enterprise Linux 7 unknown
Red Hat Red Hat OpenShift Container Platform 3.11 unknown

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
container-tools:4.0-8090020240413110917.d7b6f4b7 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2084 2024-04-29T00:00:00Z
container-tools:rhel8-8090020240417184044.e7857ab1 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2098 2024-04-29T00:00:00Z
container-tools:rhel8-8100020240419145834.afee755d cpe:/a:redhat:enterprise_linux:8 RHSA-2024:3254 2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
container-tools:rhel8-8060020240422155330.3b538bd8 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:2090 2024-04-30T00:00:00Z
container-tools:4.0-8060020240419071711.2e213529 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:2097 2024-04-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
container-tools:rhel8-8080020240422101606.0f77c1b7 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:2077 2024-04-29T00:00:00Z
Red Hat Enterprise Linux 9
buildah-1:1.31.5-1.el9_3 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2055 2024-04-25T00:00:00Z
podman-4:4.9.4-3.el9_4 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2548 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
buildah-1:1.26.7-1.el9_0 cpe:/a:redhat:rhel_eus:9.0 RHSA-2024:2066 2024-04-25T00:00:00Z
podman-2:4.2.0-3.el9_0 cpe:/a:redhat:rhel_eus:9.0 RHSA-2024:2089 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
buildah-1:1.29.3-1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:2064 2024-04-25T00:00:00Z
podman-2:4.4.1-16.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:2645 2024-05-01T00:00:00Z
Red Hat OpenShift Container Platform 4.12
podman-3:4.4.1-3.2.rhaos4.12.el8 cpe:/a:redhat:openshift:4.12::el8 RHSA-2024:2784 2024-05-16T00:00:00Z
Red Hat OpenShift Container Platform 4.13
podman-3:4.4.1-6.3.rhaos4.13.el9 cpe:/a:redhat:openshift:4.13::el8 RHSA-2024:2049 2024-05-02T00:00:00Z
podman-3:4.4.1-8.3.rhaos4.13.el9 cpe:/a:redhat:openshift:4.13::el8 RHSA-2024:2877 2024-05-23T00:00:00Z
Red Hat OpenShift Container Platform 4.14
podman-3:4.4.1-13.4.rhaos4.14.el9 cpe:/a:redhat:openshift:4.14::el8 RHSA-2024:2672 2024-05-09T00:00:00Z
Red Hat OpenShift Container Platform 4.15
podman-3:4.4.1-23.2.rhaos4.15.el9 cpe:/a:redhat:openshift:4.15::el8 RHSA-2024:2669 2024-05-09T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Redhat Subscribe
Enterprise Linux Subscribe
Openshift Subscribe
Rhel Eus Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2024-0867 A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Github GHSA Github GHSA GHSA-874v-pj72-92f3 Podman affected by CVE-2024-1753 container escape at build time
Fixes

Solution

No solution given by the vendor.

Workaround

When SELinux is enabled, the container is restricted to limited read-only access.

References
Link Providers
https://access.redhat.com/errata/RHSA-2024:2049 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2055 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2064 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2066 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2077 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2084 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2089 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2090 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2097 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2098 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2548 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2645 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2669 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2672 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2784 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2877 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3254 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-1753 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2265513 cve-icon cve-icon
https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf cve-icon cve-icon cve-icon
https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3 cve-icon cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/ cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-1753 cve-icon
https://pkg.go.dev/vuln/GO-2024-2658 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-1753 cve-icon
History

Tue, 26 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
References

Sun, 24 Nov 2024 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269

Fri, 22 Nov 2024 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-59

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Wed, 06 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-11-20T07:11:54.063Z

Reserved: 2024-02-22T14:42:20.623Z

Link: CVE-2024-1753

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:22.005Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-18T15:15:41.170

Modified: 2024-11-26T20:15:26.237

Link: CVE-2024-1753

cve-icon Redhat

Severity : Important

Publid Date: 2024-03-18T00:00:00Z

Links: CVE-2024-1753 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses