CVE-2024-1753

EUVD-2024-0867
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Debian logo
Debian Releases
Debian Product
Codename
golang-github-containers-buildah
bookworm
no-dsa
bullseye
no-dsa
forky
1.42.1+ds1-2
fixed
sid
1.42.1+ds1-2
fixed
trixie
1.39.3+ds1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-github-containers-buildah
focal
dne
jammy
needs-triage
mantic
ignored
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
buildah
suse enterprise sap 15 SP5
1.35.4-150500.3.10.1
fixed
suse enterprise sap 15 SP6
1.34.1-150500.3.7.1
fixed
suse enterprise sap 15 SP7
1.35.4-150500.3.10.1
fixed
suse enterprise server 15 SP2
1.25.1-150100.3.23.1
fixed
suse enterprise server 15 SP3
1.35.4-150300.8.25.1
fixed
suse enterprise server 15 SP4
1.35.4-150400.3.30.1
fixed
suse enterprise server 15 SP5
1.35.4-150500.3.10.1
fixed
suse enterprise server 15 SP6
1.34.1-150500.3.7.1
fixed
suse enterprise server 15 SP7
1.35.4-150500.3.10.1
fixed
cni
suse enterprise sap 15 SP2
0.7.1-150100.3.18.1
fixed
suse enterprise server 15 SP2
0.7.1-150100.3.18.1
fixed
suse enterprise server 15 SP3
0.7.1-150100.3.18.1
fixed
suse enterprise server 15 SP4
0.7.1-150100.3.18.1
fixed
cni-plugins
suse enterprise sap 15 SP2
0.8.6-150100.3.22.3
fixed
suse enterprise server 15 SP2
0.8.6-150100.3.22.3
fixed
suse enterprise server 15 SP3
0.8.6-150100.3.22.3
fixed
suse enterprise server 15 SP4
0.8.6-150100.3.22.3
fixed
podman
suse enterprise sap 15 SP5
4.8.3-150500.3.9.1
fixed
suse enterprise sap 15 SP6
4.8.3-150500.3.9.1
fixed
suse enterprise sap 15 SP7
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.43.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.35.1
fixed
suse enterprise server 15 SP5
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP6
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP7
4.8.3-150500.3.9.1
fixed
podman-cni-config
suse enterprise server 15 SP3
4.4.4-150300.9.26.2
fixed
suse enterprise server 15 SP4
4.4.4-150400.4.22.1
fixed
podman-docker
suse enterprise sap 15 SP5
4.8.3-150500.3.9.1
fixed
suse enterprise sap 15 SP6
4.8.3-150500.3.9.1
fixed
suse enterprise sap 15 SP7
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.35.1
fixed
suse enterprise server 15 SP5
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP6
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP7
4.8.3-150500.3.9.1
fixed
podman-remote
suse enterprise sap 15 SP5
4.8.3-150500.3.9.1
fixed
suse enterprise sap 15 SP6
4.8.3-150500.3.9.1
fixed
suse enterprise sap 15 SP7
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.43.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.35.1
fixed
suse enterprise server 15 SP5
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP6
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP7
4.8.3-150500.3.9.1
fixed
podmansh
suse enterprise sap 15 SP5
4.8.3-150500.3.9.1
fixed
suse enterprise sap 15 SP6
4.8.3-150500.3.9.1
fixed
suse enterprise sap 15 SP7
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP5
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP6
4.8.3-150500.3.9.1
fixed
suse enterprise server 15 SP7
4.8.3-150500.3.9.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
buildah
RHEL 9
1:1.31.5-1.el9_3
fixed
buildah-tests
RHEL 9
1:1.31.5-1.el9_3
fixed
podman
RHEL 9
4:4.9.4-3.el9_4
fixed
podman-docker
RHEL 9
4:4.9.4-3.el9_4
fixed
podman-plugins
RHEL 9
4:4.9.4-3.el9_4
fixed
podman-remote
RHEL 9
4:4.9.4-3.el9_4
fixed
podman-tests
RHEL 9
4:4.9.4-3.el9_4
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:2049
https://access.redhat.com/errata/RHSA-2024:2055
https://access.redhat.com/errata/RHSA-2024:2064
https://access.redhat.com/errata/RHSA-2024:2066
https://access.redhat.com/errata/RHSA-2024:2077
https://access.redhat.com/errata/RHSA-2024:2084
https://access.redhat.com/errata/RHSA-2024:2089
https://access.redhat.com/errata/RHSA-2024:2090
https://access.redhat.com/errata/RHSA-2024:2097
https://access.redhat.com/errata/RHSA-2024:2098
https://access.redhat.com/errata/RHSA-2024:2548
https://access.redhat.com/errata/RHSA-2024:2645
https://access.redhat.com/errata/RHSA-2024:2669
https://access.redhat.com/errata/RHSA-2024:2672
https://access.redhat.com/errata/RHSA-2024:2784
https://access.redhat.com/errata/RHSA-2024:2877
https://access.redhat.com/errata/RHSA-2024:3254
https://access.redhat.com/security/cve/CVE-2024-1753
https://bugzilla.redhat.com/show_bug.cgi?id=2265513
https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3
https://pkg.go.dev/vuln/GO-2024-2658
https://access.redhat.com/errata/RHSA-2024:2049
https://access.redhat.com/errata/RHSA-2024:2055
https://access.redhat.com/errata/RHSA-2024:2064
https://access.redhat.com/errata/RHSA-2024:2066
https://access.redhat.com/errata/RHSA-2024:2077
https://access.redhat.com/errata/RHSA-2024:2084
https://access.redhat.com/errata/RHSA-2024:2089
https://access.redhat.com/errata/RHSA-2024:2090
https://access.redhat.com/errata/RHSA-2024:2097
https://access.redhat.com/errata/RHSA-2024:2098
https://access.redhat.com/errata/RHSA-2024:2548
https://access.redhat.com/errata/RHSA-2024:2645
https://access.redhat.com/errata/RHSA-2024:2669
https://access.redhat.com/errata/RHSA-2024:2672
https://access.redhat.com/errata/RHSA-2024:2784
https://access.redhat.com/errata/RHSA-2024:2877
https://access.redhat.com/errata/RHSA-2024:3254
https://access.redhat.com/security/cve/CVE-2024-1753
https://bugzilla.redhat.com/show_bug.cgi?id=2265513
https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/