Vulnerability Details CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v3 Score 6.5
References
- https://access.redhat.com/errata/RHSA-2024:10289
- https://access.redhat.com/errata/RHSA-2024:8418
- https://access.redhat.com/errata/RHSA-2024:8428
- https://access.redhat.com/errata/RHSA-2024:8437
- https://access.redhat.com/errata/RHSA-2024:8686
- https://access.redhat.com/errata/RHSA-2024:8690
- https://access.redhat.com/errata/RHSA-2024:8694
- https://access.redhat.com/errata/RHSA-2024:8700
- https://access.redhat.com/errata/RHSA-2024:8984
- https://access.redhat.com/errata/RHSA-2024:9051
- https://access.redhat.com/errata/RHSA-2024:9454
- https://access.redhat.com/errata/RHSA-2024:9459
- https://access.redhat.com/errata/RHSA-2024:9926
- https://access.redhat.com/errata/RHSA-2025:0876
- https://access.redhat.com/errata/RHSA-2025:2454
- https://access.redhat.com/errata/RHSA-2025:2710
- https://access.redhat.com/errata/RHSA-2025:3301
- https://access.redhat.com/security/cve/CVE-2024-9676
- https://bugzilla.redhat.com/show_bug.cgi?id=2317467
- https://github.com/advisories/GHSA-wq2p-5pc6-wpgf
Products affected by CVE-2024-9676
-
cpe:2.3:a:redhat:openshift_container_platform:4.12
-
cpe:2.3:a:redhat:openshift_container_platform:4.13
-
cpe:2.3:a:redhat:openshift_container_platform:4.14
-
cpe:2.3:a:redhat:openshift_container_platform:4.15
-
cpe:2.3:a:redhat:openshift_container_platform:4.16
-
cpe:2.3:a:redhat:openshift_container_platform:4.17
-
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12
-
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13
-
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14
-
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15
-
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.12
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.4
-
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64
-
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4
-
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.4_ppc64lecpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le