REDHAT-BUG-2326231: Race Condition
First published: Thu Nov 14 2024(Updated: )
A vulnerability was found in `podman build` and `buildah`. Container breakout by using --jobs=2 and race condition when building a malicious Containerfile. It might be mitigated by SELinux, but even with SELinux on it still allows enumeration of files and directories on the host.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Podman | ||
| Buildah |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/advisories/GHSA-5vpc-35f4-r8w6
- https://access.redhat.com/errata/RHSA-2025:0922
- https://access.redhat.com/errata/RHSA-2025:0923
- https://access.redhat.com/errata/RHSA-2025:0878
- https://access.redhat.com/errata/RHSA-2025:1187
- https://access.redhat.com/errata/RHSA-2025:1186
- https://access.redhat.com/errata/RHSA-2025:1188
- https://access.redhat.com/errata/RHSA-2025:1189
- https://access.redhat.com/errata/RHSA-2025:0830
- https://access.redhat.com/errata/RHSA-2025:1207
- https://access.redhat.com/errata/RHSA-2025:1275
- https://access.redhat.com/errata/RHSA-2025:1295
- https://access.redhat.com/errata/RHSA-2025:1296
- https://access.redhat.com/errata/RHSA-2025:1372
- https://access.redhat.com/errata/RHSA-2025:1453
- https://access.redhat.com/errata/RHSA-2025:1707
- https://access.redhat.com/errata/RHSA-2025:1713
- https://access.redhat.com/errata/RHSA-2025:1908
- https://access.redhat.com/errata/RHSA-2025:1914
- https://access.redhat.com/errata/RHSA-2025:1910
- https://access.redhat.com/errata/RHSA-2025:2454
- https://access.redhat.com/errata/RHSA-2025:2456
- https://access.redhat.com/errata/RHSA-2025:2441
- https://access.redhat.com/errata/RHSA-2025:2443
- https://access.redhat.com/errata/RHSA-2025:2710
- https://access.redhat.com/errata/RHSA-2025:2712
- https://access.redhat.com/errata/RHSA-2025:2701
- https://access.redhat.com/errata/RHSA-2025:2703
- https://bugzilla.redhat.com/show_bug.cgi?id=2326231
Frequently Asked Questions
What is the severity of REDHAT-BUG-2326231?
The severity of REDHAT-BUG-2326231 is considered high due to the potential for container breakout and file enumeration on the host.
How do I fix REDHAT-BUG-2326231?
To mitigate REDHAT-BUG-2326231, ensure that you are using the latest versions of Podman and Buildah that contain the necessary security patches.
What products are affected by REDHAT-BUG-2326231?
REDHAT-BUG-2326231 affects Red Hat Podman and Red Hat Buildah specifically.
Does SELinux provide full protection against REDHAT-BUG-2326231?
SELinux may provide some mitigation, but it does not fully prevent the vulnerabilities associated with REDHAT-BUG-2326231.
What type of vulnerability is described in REDHAT-BUG-2326231?
REDHAT-BUG-2326231 describes a container breakout vulnerability that occurs during the building of a malicious Containerfile.
- agent/severity
- agent/source
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/description
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/last-modified-date
- agent/references
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-11218
- vendor/red hat
- canonical/podman
- canonical/buildah