CVE-2024-9676

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:10289
https://access.redhat.com/errata/RHSA-2024:8418 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:8428 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:8437 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:8686 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:8690 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:8694 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:8700 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:8984 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:9051 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:9454 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:9459 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:9926 Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:0876
https://access.redhat.com/security/cve/CVE-2024-9676 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2317467 Issue Tracking
https://github.com/advisories/GHSA-wq2p-5pc6-wpgf Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
History

07 Feb 2025, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:0876 -

26 Nov 2024, 09:15

Type Values Removed Values Added
First Time Redhat enterprise Linux For Power Little Endian Eus
Redhat openshift Container Platform For Ibm Z
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux
Redhat openshift Container Platform
Redhat enterprise Linux Server Aus
Redhat openshift Container Platform For Linuxone
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat openshift Container Platform For Arm64
Redhat openshift Container Platform For Power
Redhat
CPE cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:*:*:*:*:*:*:*
References
  • () https://access.redhat.com/errata/RHSA-2024:10289 -
  • () https://access.redhat.com/errata/RHSA-2024:9926 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:8418 - () https://access.redhat.com/errata/RHSA-2024:8418 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:8428 - () https://access.redhat.com/errata/RHSA-2024:8428 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:8437 - () https://access.redhat.com/errata/RHSA-2024:8437 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:8686 - () https://access.redhat.com/errata/RHSA-2024:8686 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:8690 - () https://access.redhat.com/errata/RHSA-2024:8690 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:8694 - () https://access.redhat.com/errata/RHSA-2024:8694 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:8700 - () https://access.redhat.com/errata/RHSA-2024:8700 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:8984 - () https://access.redhat.com/errata/RHSA-2024:8984 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:9051 - () https://access.redhat.com/errata/RHSA-2024:9051 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:9454 - () https://access.redhat.com/errata/RHSA-2024:9454 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:9459 - () https://access.redhat.com/errata/RHSA-2024:9459 - Vendor Advisory
References () https://access.redhat.com/security/cve/CVE-2024-9676 - () https://access.redhat.com/security/cve/CVE-2024-9676 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2317467 - () https://bugzilla.redhat.com/show_bug.cgi?id=2317467 - Issue Tracking
References () https://github.com/advisories/GHSA-wq2p-5pc6-wpgf - () https://github.com/advisories/GHSA-wq2p-5pc6-wpgf - Third Party Advisory

13 Nov 2024, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8984 -

12 Nov 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:9454 -
  • () https://access.redhat.com/errata/RHSA-2024:9459 -

11 Nov 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8700 -
  • () https://access.redhat.com/errata/RHSA-2024:9051 -

07 Nov 2024, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8694 -

06 Nov 2024, 20:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8690 -

06 Nov 2024, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8686 -

31 Oct 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8428 -

30 Oct 2024, 09:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8418 -
  • () https://access.redhat.com/errata/RHSA-2024:8437 -

16 Oct 2024, 16:38

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Podman, Buildah y CRI-O. Una vulnerabilidad de cruce de enlaces simbólicos en la librería de contenedores/almacenamiento puede hacer que Podman, Buildah y CRI-O se bloqueen y generen una denegación de servicio mediante la eliminación de OOM al ejecutar una imagen maliciosa utilizando un espacio de nombres de usuario asignado automáticamente (`--userns=auto` en Podman y Buildah). La librería de contenedores/almacenamiento leerá /etc/passwd dentro del contenedor, pero no validará correctamente si ese archivo es un enlace simbólico, lo que se puede utilizar para hacer que la librería lea un archivo arbitrario en el host.

15 Oct 2024, 21:15

Type Values Removed Values Added
References
  • () https://github.com/advisories/GHSA-wq2p-5pc6-wpgf -

15 Oct 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-15 16:15

Updated : 2025-02-07 05:15

NVD link : CVE-2024-9676

Mitre link : CVE-2024-9676

CVE.ORG link : CVE-2024-9676

JSON object : View

Products Affected

redhat

  • enterprise_linux
  • openshift_container_platform_for_linuxone
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_for_power_little_endian_eus
  • openshift_container_platform_for_arm64
  • openshift_container_platform
  • enterprise_linux_for_power_little_endian
  • openshift_container_platform_for_power
  • enterprise_linux_server_aus
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_eus
  • openshift_container_platform_for_ibm_z
  • enterprise_linux_for_arm_64
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')