CVE-2024-11218
HIGH 8.6 | EPSS 0.17%
Buildah allows build breakout using malicious Containerfiles and concurrent builds in github.com/containers/buildah
Published: 1/21/2025 | Modified: 4/28/2026
Description
A vulnerability was found in `podman build` and `buildah`. It allows a container breakout when a malicious Containerfile is built with `--jobs=2`, by way of a race condition. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Affected packages (3)
- Debian/golang-github-containers-buildah: from 0
- Go/github.com/containers/buildah: >= 1.38.0, < 1.38.1
- Go/github.com/containers/buildah: from 0, < 1.33.12; >= 1.35.0, < 1.35.5; >= 1.37.0, < 1.37.6; >= 1.38.0, < 1.38.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References (38)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-11218
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2024-11218
- PATCH: https://github.com/containers/buildah
- WEB: https://access.redhat.com/errata/RHSA-2025:0830
- WEB: https://access.redhat.com/errata/RHSA-2025:0878
- WEB: https://access.redhat.com/errata/RHSA-2025:0922
- WEB: https://access.redhat.com/errata/RHSA-2025:0923
- WEB: https://access.redhat.com/errata/RHSA-2025:1186
- WEB: https://access.redhat.com/errata/RHSA-2025:1187
- WEB: https://access.redhat.com/errata/RHSA-2025:1188
- WEB: https://access.redhat.com/errata/RHSA-2025:1189
- WEB: https://access.redhat.com/errata/RHSA-2025:1207
- WEB: https://access.redhat.com/errata/RHSA-2025:1275
- WEB: https://access.redhat.com/errata/RHSA-2025:1295
- WEB: https://access.redhat.com/errata/RHSA-2025:1296
- WEB: https://access.redhat.com/errata/RHSA-2025:1372
- WEB: https://access.redhat.com/errata/RHSA-2025:1453
- WEB: https://access.redhat.com/errata/RHSA-2025:1707
- WEB: https://access.redhat.com/errata/RHSA-2025:1713
- WEB: https://access.redhat.com/errata/RHSA-2025:1908
- WEB: https://access.redhat.com/errata/RHSA-2025:1910
- WEB: https://access.redhat.com/errata/RHSA-2025:1914
- WEB: https://access.redhat.com/errata/RHSA-2025:2441
- WEB: https://access.redhat.com/errata/RHSA-2025:2443
- WEB: https://access.redhat.com/errata/RHSA-2025:2454
- WEB: https://access.redhat.com/errata/RHSA-2025:2456
- WEB: https://access.redhat.com/errata/RHSA-2025:2701
- WEB: https://access.redhat.com/errata/RHSA-2025:2703
- WEB: https://access.redhat.com/errata/RHSA-2025:2710
- WEB: https://access.redhat.com/errata/RHSA-2025:2712
- WEB: https://access.redhat.com/errata/RHSA-2025:3577
- WEB: https://access.redhat.com/errata/RHSA-2025:3798
- WEB: https://access.redhat.com/security/cve/CVE-2024-11218
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2326231
- WEB: https://github.com/containers/buildah/pull/5918
- WEB: https://github.com/containers/buildah/security/advisories/GHSA-5vpc-35f4-r8w6
- WEB: https://issues.redhat.com/browse/RHEL-67616
- WEB: https://issues.redhat.com/browse/RHEL-67618