Vulnerabilities > CVE-2024-9676 - Unspecified vulnerability in Redhat products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

redhat

NVD

Published: 2024-10-15

Updated: 2024-11-26

Summary

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 9.0 Redhat Enterprise Linux FOR Power Little Endian 9.0_Ppc64Le Redhat Enterprise Linux FOR IBM Z Systems 9.0_S390X Redhat Enterprise Linux FOR ARM 64 9.0_Aarch64 Redhat Enterprise Linux Server FOR Power Little Endian Update Services FOR SAP Solutions 9.4_Ppc64Le Redhat Enterprise Linux FOR ARM 64 EUS 9.4_Aarch64 Redhat Enterprise Linux FOR Power Little Endian EUS 9.4_Ppc64Le Redhat Enterprise Linux FOR IBM Z Systems EUS 9.4_S390X Redhat Enterprise Linux Server AUS 9.4 Redhat Enterprise Linux EUS 9.4	10
Application	Redhat Redhat Openshift Container Platform FOR Power 4.12 Redhat Openshift Container Platform FOR Power 4.15 Redhat Openshift Container Platform FOR Power 4.16 Redhat Openshift Container Platform FOR Power 4.13 Redhat Openshift Container Platform FOR Power 4.14 Redhat Openshift Container Platform 4.12 Redhat Openshift Container Platform 4.13 Redhat Openshift Container Platform 4.15 Redhat Openshift Container Platform 4.17 Redhat Openshift Container Platform 4.14 Redhat Openshift Container Platform 4.16 Redhat Openshift Container Platform FOR Linuxone 4.12 Redhat Openshift Container Platform FOR Linuxone 4.15 Redhat Openshift Container Platform FOR Linuxone 4.16 Redhat Openshift Container Platform FOR Linuxone 4.13 Redhat Openshift Container Platform FOR Linuxone 4.14 Redhat Openshift Container Platform FOR Arm64 4.12 Redhat Openshift Container Platform FOR Arm64 4.15 Redhat Openshift Container Platform FOR Arm64 4.16 Redhat Openshift Container Platform FOR Arm64 4.13 Redhat Openshift Container Platform FOR Arm64 4.14 Redhat Openshift Container Platform FOR IBM Z 4.12 Redhat Openshift Container Platform FOR IBM Z 4.15 Redhat Openshift Container Platform FOR IBM Z 4.16 Redhat Openshift Container Platform FOR IBM Z 4.13 Redhat Openshift Container Platform FOR IBM Z 4.14	26

Summary

Vulnerable Configurations

References