A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using –jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | RedHat | container-tools:rhel8-8100020250124120243.afee755d | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | container-tools:rhel8-8060020250203202123.3b538bd8 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | container-tools:rhel8-8060020250203202123.3b538bd8 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | container-tools:rhel8-8060020250203202123.3b538bd8 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | container-tools:rhel8-8080020250207173112.0f77c1b7 | * |
| Red Hat Enterprise Linux 9 | RedHat | podman-4:5.2.2-13.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | buildah-2:1.37.6-1.el9_5 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | podman-2:4.2.0-6.el9_0 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | buildah-1:1.26.9-1.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | buildah-1:1.29.5-1.el9_2 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | podman-2:4.4.1-22.el9_2 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | buildah-2:1.33.12-2.el9_4 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | podman-4:4.9.4-17.el9_4 | * |
| Red Hat OpenShift Container Platform 4.12 | RedHat | rhcos-412.86.202503052321-0 | * |
| Red Hat OpenShift Container Platform 4.12 | RedHat | podman-3:4.2.0-13.rhaos4.12.el9 | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | buildah-1:1.29.5-1.rhaos4.13.el8 | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | podman-3:4.4.1-16.rhaos4.13.el8 | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | rhcos-413.92.202503112237-0 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | podman-3:4.4.1-22.rhaos4.14.el8 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | buildah-1:1.29.5-1.rhaos4.14.el8 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | rhcos-414.92.202503100617-0 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | podman-3:4.4.1-33.rhaos4.15.el8 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | buildah-1:1.29.5-1.rhaos4.15.el8 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | rhcos-415.92.202503060749-0 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | podman-4:4.9.4-13.rhaos4.16.el8 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | buildah-2:1.33.12-1.rhaos4.16.el8 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | rhcos-416.94.202502180249-0 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | podman-5:5.2.2-2.rhaos4.17.el8 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | buildah-2:1.33.12-1.rhaos4.17.el8 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | rhcos-417.94.202504080421-0 | * |
| Red Hat OpenShift Container Platform 4.18 | RedHat | buildah-2:1.33.12-1.rhaos4.18.el9 | * |
| Red Hat OpenShift Container Platform 4.18 | RedHat | rhcos-418.94.202504021150-0 | * |
| Podman | Ubuntu | plucky | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- https://access.redhat.com/errata/RHSA-2025:0830
- https://access.redhat.com/errata/RHSA-2025:0878
- https://access.redhat.com/errata/RHSA-2025:0922
- https://access.redhat.com/errata/RHSA-2025:0923
- https://access.redhat.com/errata/RHSA-2025:1186
- https://access.redhat.com/errata/RHSA-2025:1187
- https://access.redhat.com/errata/RHSA-2025:1188
- https://access.redhat.com/errata/RHSA-2025:1189
- https://access.redhat.com/errata/RHSA-2025:1207
- https://access.redhat.com/errata/RHSA-2025:1275
- https://access.redhat.com/errata/RHSA-2025:1295
- https://access.redhat.com/errata/RHSA-2025:1296
- https://access.redhat.com/errata/RHSA-2025:1372
- https://access.redhat.com/errata/RHSA-2025:1453
- https://access.redhat.com/errata/RHSA-2025:1707
- https://access.redhat.com/errata/RHSA-2025:1713
- https://access.redhat.com/errata/RHSA-2025:1908
- https://access.redhat.com/errata/RHSA-2025:1910
- https://access.redhat.com/errata/RHSA-2025:1914
- https://access.redhat.com/errata/RHSA-2025:2441
- https://access.redhat.com/errata/RHSA-2025:2443
- https://access.redhat.com/errata/RHSA-2025:2454
- https://access.redhat.com/errata/RHSA-2025:2456
- https://access.redhat.com/errata/RHSA-2025:2701
- https://access.redhat.com/errata/RHSA-2025:2703
- https://access.redhat.com/errata/RHSA-2025:2710
- https://access.redhat.com/errata/RHSA-2025:2712
- https://access.redhat.com/errata/RHSA-2025:3577
- https://access.redhat.com/errata/RHSA-2025:3798
- https://access.redhat.com/security/cve/CVE-2024-11218
- https://bugzilla.redhat.com/show_bug.cgi?id=2326231
- https://github.com/containers/buildah/pull/5918