CVE-2024-11218

Name
CVE-2024-11218
Description
A vulnerability was found in `podman build` and `buildah`. The issue allows a container breakout by exploiting a race condition when building a malicious Containerfile with --jobs=2. SELinux might mitigate it, but even with SELinux enabled, the flaw still allows enumeration of files and directories on the host.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2024-11218
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2326231
vendor-advisory https://access.redhat.com/errata/RHSA-2025:0922
vendor-advisory https://access.redhat.com/errata/RHSA-2025:0923
vendor-advisory https://access.redhat.com/errata/RHSA-2025:0878
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1187
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1189
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1186
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1188
vendor-advisory https://access.redhat.com/errata/RHSA-2025:0830
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1207
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1275
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1295
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1296
vendor-advisory https://access.redhat.com/errata/RHSA-2025:1372
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1453
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1707
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1713
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1908
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1910
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1914
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2454
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2456
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2441
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2443
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2712
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2710
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2701
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2703
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:3577
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:3798
secalert@redhat.com https://github.com/containers/buildah/pull/5918

Match rules

CPE URI Source package Min version Max version
cpe:/a:redhat:rhel_e4s:8.6::appstream shopxo >= 8060020250203202123.3b538bd8 < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 8080020250207173112.0f77c1b7 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 4:5.2.2-13.el9_5 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 2:1.37.6-1.el9_5 < *
cpe:/a:redhat:rhel_e4s:9.0::appstream shopxo >= 2:4.2.0-6.el9_0 < *
cpe:/a:redhat:rhel_e4s:9.0::appstream shopxo >= 1:1.26.9-1.el9_0 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 1:1.29.5-1.el9_2 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 2:4.4.1-22.el9_2 < *
cpe:/a:redhat:rhel_eus:9.4::appstream shopxo >= 2:1.33.12-2.el9_4 < *
cpe:/a:redhat:rhel_eus:9.4::appstream shopxo >= 4:4.9.4-17.el9_4 < *
cpe:/a:redhat:openshift_ironic:4.16::el9 shopxo >= 4:4.9.4-13.rhaos4.16.el8 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 8100020250124120243.afee755d < *
cpe:/a:redhat:openshift:4.17::el8 shopxo >= 5:5.2.2-2.rhaos4.17.el8 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
podman edge-community 5.3.2-r0 Michał Polański <michal@polanski.me> fixed
podman 3.22-community 5.3.2-r0 None fixed
podman 3.21-community 5.3.2-r0 Michał Polański <michal@polanski.me> fixed
buildah edge-community 1.38.1-r0 Michał Polański <michal@polanski.me> fixed
buildah 3.22-community 1.38.1-r0 None fixed
buildah 3.21-community 1.38.1-r0 Michał Polański <michal@polanski.me> fixed