podman/buildah on Red Hat products: container breakout using podman/buildah (CVE-2024-11218) #shorts

Summary

In today's podcast, we're diving into CVE-2024-11218, a critical vulnerability affecting container management tools in Red Hat Enterprise Linux and OpenShift Container Platform. This vulnerability, disclosed in early 2025, is an improper privilege management flaw that can let a malicious container build break out of its confinement.

Product details

CVE-2024-11218 has been identified in Red Hat Enterprise Linux versions 8 and 9, and Red Hat OpenShift Container Platform 4. It primarily affects container tools 'podman' and 'buildah', commonly used for building and managing containers.

Vulnerability type summary

This vulnerability falls under the category of 'Improper Privilege Management'. Such vulnerabilities allow users or attackers to execute actions that should be restricted, leading to possible unauthorized access or privilege escalation.

Details of the vulnerability

CVE-2024-11218 is a container breakout: when podman or buildah builds a malicious Containerfile with the '--jobs=2' option (which runs build stages concurrently), a race condition allows the build to escape its confinement. SELinux may mitigate part of the impact, but even with SELinux enabled the flaw still allows enumeration of files and directories on the host system. SUSE and Fedora have released security advisories and updates for the affected versions.

Conclusion

As we wrap up today's discussion, it's vital for users and administrators utilizing Red Hat's container tools to promptly apply the latest security updates to mitigate CVE-2024-11218. Ongoing vigilance against privilege management vulnerabilities remains critical to maintaining secure computing environments.
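As an added example (not from the page, the podcast, or the podman/buildah projects), the following script decides whether an upstream buildah version falls inside the four semver ranges the CVE record on this page lists as affected. It assumes versions are collected with `buildah --version` as plain semver strings; distro rpm versions such as 2:1.37.6-1.el9_5 need the vendor's rpm version comparison and are out of scope here.

```python
"""Classify upstream buildah versions against the CVE-2024-11218 affected ranges.

The ranges are copied from the CVE record: [0, 1.33.12), [1.35.0, 1.35.5),
[1.37.0, 1.37.6) and [1.38.0, 1.38.1) (inclusive start, exclusive 'lessThan').
"""
import re

# (version, lessThan) pairs from the record's semver entries.
AFFECTED_RANGES = [
    ("0", "1.33.12"),
    ("1.35.0", "1.35.5"),
    ("1.37.0", "1.37.6"),
    ("1.38.0", "1.38.1"),
]


def parse_semver(version):
    """Turn 'v1.37.6', '1.37.6-rc1' or '0' into a comparable tuple.

    A pre-release sorts below its final release, so '1.37.6-rc1' < '1.37.6'
    and therefore still counts as affected.
    """
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-([0-9A-Za-z.]+))?",
                     version.strip())
    if not m:
        raise ValueError(f"not a semver string: {version!r}")
    major, minor, patch, pre = m.groups()
    core = (int(major), int(minor or 0), int(patch or 0))
    # Final release (flag 1) ranks above any pre-release (flag 0) of the same core.
    return core + ((1,) if pre is None else (0, pre))


def is_affected(version, ranges=AFFECTED_RANGES):
    """True if `version` lies in any [start, lessThan) range of the record."""
    v = parse_semver(version)
    return any(parse_semver(lo) <= v < parse_semver(hi) for lo, hi in ranges)


def classify(versions):
    """Map each version string to 'affected' or 'outside listed ranges'."""
    return {ver: ("affected" if is_affected(ver) else "outside listed ranges")
            for ver in versions}


if __name__ == "__main__":
    # Constructed sample inventory, as if gathered from several build hosts.
    sample = ["1.33.11", "1.33.12", "1.35.4", "1.36.0", "1.37.6-rc1",
              "v1.38.0", "1.38.1"]
    for ver, status in classify(sample).items():
        print(f"{ver:12} {status}")
```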

Watch the full video on YouTube: CVE-2024-11218

CVE database technical details

CVE ID
CVE-2024-11218
Description
A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using `--jobs=2` and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Provider
redhat
CWE / problem types
Improper Privilege Management
Affected Software Versions
(vendor / product / status / version / lessThan / versionType)
None / None / affected / 0 / 1.33.12 / semver
None / None / affected / 1.35.0 / 1.35.5 / semver
None / None / affected / 1.37.0 / 1.37.6 / semver
None / None / affected / 1.38.0 / 1.38.1 / semver
Red Hat / Red Hat Enterprise Linux 8 / unaffected / 8100020250124120243.afee755d / * / rpm
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support / unaffected / 8060020250203202123.3b538bd8 / * / rpm
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service / unaffected / 8060020250203202123.3b538bd8 / * / rpm
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions / unaffected / 8060020250203202123.3b538bd8 / * / rpm
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support / unaffected / 8080020250207173112.0f77c1b7 / * / rpm
Red Hat / Red Hat Enterprise Linux 9 / unaffected / 4:5.2.2-13.el9_5 / * / rpm
Red Hat / Red Hat Enterprise Linux 9 / unaffected / 2:1.37.6-1.el9_5 / * / rpm
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions / unaffected / 2:4.2.0-6.el9_0 / * / rpm
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions / unaffected / 1:1.26.9-1.el9_0 / * / rpm
Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support / unaffected / 1:1.29.5-1.el9_2 / * / rpm
Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support / unaffected / 2:4.4.1-22.el9_2 / * / rpm
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support / unaffected / 2:1.33.12-2.el9_4 / * / rpm
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support / unaffected / 4:4.9.4-17.el9_4 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.12 / unaffected / 412.86.202503052321-0 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.12 / unaffected / 3:4.2.0-13.rhaos4.12.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.13 / unaffected / 1:1.29.5-1.rhaos4.13.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.13 / unaffected / 3:4.4.1-17.rhaos4.13.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.13 / unaffected / 413.92.202503112237-0 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.14 / unaffected / 3:4.4.1-22.rhaos4.14.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.14 / unaffected / 1:1.29.5-1.rhaos4.14.el8 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.14 / unaffected / 414.92.202503100617-0 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.15 / unaffected / 3:4.4.1-33.rhaos4.15.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.15 / unaffected / 1:1.29.5-1.rhaos4.15.el8 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.15 / unaffected / 415.92.202503060749-0 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.16 / unaffected / 4:4.9.4-13.rhaos4.16.el8 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.16 / unaffected / 2:1.33.12-1.rhaos4.16.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.16 / unaffected / 416.94.202502180249-0 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.17 / unaffected / 5:5.2.2-2.rhaos4.17.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.17 / unaffected / 2:1.33.12-1.rhaos4.17.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.17 / unaffected / 417.94.202504080421-0 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.18 / unaffected / 2:1.33.12-1.rhaos4.18.el9 / * / rpm
Red Hat / Red Hat OpenShift Container Platform 4.18 / unaffected / 418.94.202504021150-0 / * / rpm
Date Published
2025-01-22T04:55:30.649Z
Last Updated
2025-05-08T09:36:02.627Z