CVE-2024-9675

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Credits

Red Hat would like to thank Erik Sjölund (Upstream) for reporting this issue.

References

https://access.redhat.com/errata/RHSA-2024:8563

https://access.redhat.com/errata/RHSA-2024:8675

https://access.redhat.com/errata/RHSA-2024:8679

https://access.redhat.com/errata/RHSA-2024:8686

https://access.redhat.com/errata/RHSA-2024:8690

https://access.redhat.com/errata/RHSA-2024:8700

https://access.redhat.com/errata/RHSA-2024:8703

https://access.redhat.com/errata/RHSA-2024:8707

https://access.redhat.com/errata/RHSA-2024:8708

https://access.redhat.com/errata/RHSA-2024:8709

https://access.redhat.com/errata/RHSA-2024:8846

https://access.redhat.com/errata/RHSA-2024:8984

https://access.redhat.com/errata/RHSA-2024:8994

https://access.redhat.com/errata/RHSA-2024:9051

https://access.redhat.com/errata/RHSA-2024:9454

https://access.redhat.com/errata/RHSA-2024:9459

https://access.redhat.com/errata/RHSA-2025:2445

https://access.redhat.com/errata/RHSA-2025:2449

https://access.redhat.com/errata/RHSA-2025:2454

https://access.redhat.com/errata/RHSA-2025:2701

https://access.redhat.com/errata/RHSA-2025:2710

https://access.redhat.com/errata/RHSA-2025:3301

https://access.redhat.com/errata/RHSA-2025:3573

https://access.redhat.com/security/cve/CVE-2024-9675

https://bugzilla.redhat.com/show_bug.cgi?id=2317458