Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-9676

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Published

2024-10-15T16:15:06.933

Last Modified

2025-04-03T02:15:19.877

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openshift_container_platform	4.12	Yes
Application	redhat	openshift_container_platform	4.13	Yes
Application	redhat	openshift_container_platform	4.14	Yes
Application	redhat	openshift_container_platform	4.15	Yes
Application	redhat	openshift_container_platform	4.16	Yes
Application	redhat	openshift_container_platform	4.17	Yes
Application	redhat	openshift_container_platform_for_arm64	4.12	Yes
Application	redhat	openshift_container_platform_for_arm64	4.13	Yes
Application	redhat	openshift_container_platform_for_arm64	4.14	Yes
Application	redhat	openshift_container_platform_for_arm64	4.15	Yes
Application	redhat	openshift_container_platform_for_arm64	4.16	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.12	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.13	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.14	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.15	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.16	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.12	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.13	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.14	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.15	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.16	Yes
Application	redhat	openshift_container_platform_for_power	4.12	Yes
Application	redhat	openshift_container_platform_for_power	4.13	Yes
Application	redhat	openshift_container_platform_for_power	4.14	Yes
Application	redhat	openshift_container_platform_for_power	4.15	Yes
Application	redhat	openshift_container_platform_for_power	4.16	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux_eus	9.4	Yes
Operating System	redhat	enterprise_linux_for_arm_64	9.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_aus	9.4	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.4_ppc64le	Yes

References

https://access.redhat.com/errata/RHSA-2024:10289 ([email protected])
https://access.redhat.com/errata/RHSA-2024:8418 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8428 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8437 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8686 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8690 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8694 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8700 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8984 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:9051 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:9454 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:9459 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:9926 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0876 ([email protected])
https://access.redhat.com/errata/RHSA-2025:2454 ([email protected])
https://access.redhat.com/errata/RHSA-2025:2710 ([email protected])
https://access.redhat.com/errata/RHSA-2025:3301 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-9676 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2317467 Issue Tracking ([email protected])
https://github.com/advisories/GHSA-wq2p-5pc6-wpgf Third Party Advisory ([email protected])