CVE-2024-9676
Vulnerability Summary
Description
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal flaw in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and be killed by the kernel OOM killer (a denial of service) when running a malicious image with an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). When sizing that user namespace, containers/storage reads /etc/passwd from inside the image's root filesystem, but it does not check whether that path is a symlink before following it. An image that ships /etc/passwd as a symlink with an absolute target therefore makes the library read an arbitrary file on the host; a target that never returns EOF, or is simply very large, keeps the read going until the process is OOM-killed.
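The pattern behind this description, shown as an added example rather than code from containers/storage or any of the affected projects: `readPasswdNaive` joins the image rootfs with `/etc/passwd` and opens the result, so a symlink in the image with an absolute target is resolved by the kernel against the host's `/`; `readPasswdSafe` walks the path one component at a time, re-roots absolute symlink targets at the rootfs, refuses anything that is not a regular file, opens with `O_NOFOLLOW`, and bounds the read so an endless or huge target cannot exhaust memory. The function names, the `joinInRoot` resolver, the 1 MiB bound, and the two throwaway rootfs directories with their `/etc/passwd` contents are all constructed for this illustration; the project's actual fix is the commit linked under References.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// maxPasswdBytes bounds the read: an unbounded read of an attacker-chosen
// target is what turns a file disclosure into a hang and an OOM kill.
const maxPasswdBytes = 1 << 20

// readPasswdNaive is the vulnerable pattern: join rootfs and /etc/passwd and
// open the result. If the image's etc/passwd is a symlink with an absolute
// target, the kernel resolves it against the host's /, not against rootfs.
func readPasswdNaive(rootfs string) ([]byte, error) {
	return os.ReadFile(filepath.Join(rootfs, "etc", "passwd"))
}

// joinInRoot resolves unsafePath under root one component at a time, re-rooting
// absolute symlink targets at root so the result can never escape it. It is a
// minimal "secure join" written for this example, not the containers/storage fix.
func joinInRoot(root, unsafePath string) (string, error) {
	var parts []string // resolved components, relative to root
	pending := strings.Split(filepath.ToSlash(unsafePath), "/")
	for links := 0; len(pending) > 0; {
		part := pending[0]
		pending = pending[1:]
		if part == "" || part == "." {
			continue
		}
		if part == ".." {
			if len(parts) > 0 { // ".." at root stays at root
				parts = parts[:len(parts)-1]
			}
			continue
		}
		candidate := filepath.Join(root, filepath.Join(parts...), part)
		fi, err := os.Lstat(candidate)
		if os.IsNotExist(err) || (err == nil && fi.Mode()&os.ModeSymlink == 0) {
			parts = append(parts, part) // real entry (or missing: the open will fail)
			continue
		}
		if err != nil {
			return "", err
		}
		if links++; links > 40 { // a symlink loop must not hang us either
			return "", fmt.Errorf("%s: too many levels of symbolic links", candidate)
		}
		target, err := os.Readlink(candidate)
		if err != nil {
			return "", err
		}
		if filepath.IsAbs(target) {
			parts = nil // "/x" inside the image means root/x, never the host's /x
		}
		pending = append(strings.Split(filepath.ToSlash(target), "/"), pending...)
	}
	return filepath.Join(root, filepath.Join(parts...)), nil
}

// readPasswdSafe is the hardened reader: resolve inside the rootfs, refuse
// anything that is not a regular file, open with O_NOFOLLOW, bound the read.
// Resolve-then-open still races a rootfs modified underneath us; openat2 with
// RESOLVE_IN_ROOT is the race-free tool on Linux.
func readPasswdSafe(rootfs string) ([]byte, error) {
	path, err := joinInRoot(rootfs, "/etc/passwd")
	if err != nil {
		return nil, err
	}
	if fi, err := os.Lstat(path); err != nil {
		return nil, err
	} else if !fi.Mode().IsRegular() {
		return nil, fmt.Errorf("%s: not a regular file", path)
	}
	f, err := os.OpenFile(path, os.O_RDONLY|syscall.O_NOFOLLOW, 0)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	data, err := io.ReadAll(io.LimitReader(f, maxPasswdBytes+1))
	if err == nil && len(data) > maxPasswdBytes {
		return nil, fmt.Errorf("%s: larger than %d bytes", path, maxPasswdBytes)
	}
	return data, err
}

// Constructed contents of the files Demo creates (not from any real image).
const (
	HostMarker  = "root:x:0:0:HOST FILE, NOT THE IMAGE:/root:/bin/bash\n"
	ImageMarker = "app:x:4000:4000::/app:/sbin/nologin\n"
)

// Demo builds two throwaway rootfs directories (constructed input, not real
// images) and runs both readers on them. "bad" has etc/passwd pointing at an
// absolute path outside the rootfs; "good" has etc/passwd -> ../usr/etc/passwd
// inside it, the kind of link a hardened reader must still follow.
func Demo() (naiveOnBad string, safeOnBad error, safeOnGood string) {
	base, err := os.MkdirTemp("", "cve-2024-9676-")
	check(err)
	defer os.RemoveAll(base)
	hostFile, bad, good := filepath.Join(base, "host-file"), filepath.Join(base, "bad"), filepath.Join(base, "good")
	check(os.MkdirAll(filepath.Join(bad, "etc"), 0o755))
	check(os.MkdirAll(filepath.Join(good, "etc"), 0o755))
	check(os.MkdirAll(filepath.Join(good, "usr", "etc"), 0o755))
	check(os.WriteFile(hostFile, []byte(HostMarker), 0o600))
	check(os.WriteFile(filepath.Join(good, "usr", "etc", "passwd"), []byte(ImageMarker), 0o644))
	check(os.Symlink(hostFile, filepath.Join(bad, "etc", "passwd")))           // escapes the rootfs
	check(os.Symlink("../usr/etc/passwd", filepath.Join(good, "etc", "passwd"))) // stays inside it
	leaked, _ := readPasswdNaive(bad) // the naive reader succeeds, which is the bug
	_, safeOnBad = readPasswdSafe(bad)
	inImage, err := readPasswdSafe(good)
	check(err)
	return string(leaked), safeOnBad, string(inImage)
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	naiveOnBad, safeOnBad, safeOnGood := Demo()
	fmt.Printf("naive reader, malicious image:    %q\n", naiveOnBad)
	fmt.Printf("hardened reader, malicious image: %v\n", safeOnBad)
	fmt.Printf("hardened reader, benign image:    %q\n", safeOnGood)
}
```

Run with `go run`: the naive reader returns the host file's line, the hardened reader refuses the malicious image with a not-found error (the absolute target is re-rooted under the rootfs, where it does not exist) and still follows the benign image's relative link. Because resolve-then-open is two steps, a rootfs being modified between them is still a race; on Linux, openat2(2) with RESOLVE_IN_ROOT performs the whole resolution inside the kernel and closes that gap.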
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5•Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 1.56%•Percentile: 82%
Techniques & Countermeasures
- CWE-22•Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Affected Systems
- redhat•enterprise_linux
9.0
- redhat•enterprise_linux_eus
9.4
- redhat•enterprise_linux_for_arm_64
9.0_aarch64
- redhat•enterprise_linux_for_arm_64_eus
9.4_aarch64
- redhat•enterprise_linux_for_ibm_z_systems
9.0_s390x
- redhat•enterprise_linux_for_ibm_z_systems_eus
9.4_s390x
- redhat•enterprise_linux_for_power_little_endian
9.0_ppc64le
- redhat•enterprise_linux_for_power_little_endian_eus
9.4_ppc64le
- redhat•enterprise_linux_server_aus
9.4
- redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.4_ppc64le
- redhat•openshift_container_platform
4.12 | 4.13 | 4.14 | 4.15 | 4.16 | 4.17
- redhat•openshift_container_platform_for_arm64
4.12 | 4.13 | 4.14 | 4.15 | 4.16
- redhat•openshift_container_platform_for_ibm_z
4.12 | 4.13 | 4.14 | 4.15 | 4.16
- redhat•openshift_container_platform_for_linuxone
4.12 | 4.13 | 4.14 | 4.15 | 4.16
- redhat•openshift_container_platform_for_power
4.12 | 4.13 | 4.14 | 4.15 | 4.16
References (21)
- https://access.redhat.com/errata/RHSA-2024:10289
- https://access.redhat.com/errata/RHSA-2024:8418
- https://access.redhat.com/errata/RHSA-2024:8428
- https://access.redhat.com/errata/RHSA-2024:8437
- https://access.redhat.com/errata/RHSA-2024:8686
- https://access.redhat.com/errata/RHSA-2024:8690
- https://access.redhat.com/errata/RHSA-2024:8694
- https://access.redhat.com/errata/RHSA-2024:8700
- https://access.redhat.com/errata/RHSA-2024:8984
- https://access.redhat.com/errata/RHSA-2024:9051
- https://access.redhat.com/errata/RHSA-2024:9454
- https://access.redhat.com/errata/RHSA-2024:9459
- https://access.redhat.com/errata/RHSA-2024:9926
- https://access.redhat.com/errata/RHSA-2025:0876
- https://access.redhat.com/errata/RHSA-2025:2454
- https://access.redhat.com/errata/RHSA-2025:2710
- https://access.redhat.com/errata/RHSA-2025:3301
- https://access.redhat.com/security/cve/CVE-2024-9676
- https://bugzilla.redhat.com/show_bug.cgi?id=2317467
- https://github.com/advisories/GHSA-wq2p-5pc6-wpgf
- https://github.com/containers/storage/commit/935c58f4b3e364a9c9d33ed06476a831e6ad5679