CVE-2024-9341
Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
| CWE | CWE-59 |
| Published | Oct 1, 2024 |
| Last Updated | Mar 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new medium vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:10147 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:10818 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:7925 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8039 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8112 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8238 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8263 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8428 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8690 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8694 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8846 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:9454 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:9459 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-9341 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2315691 github.com: https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169 github.com: https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349
Credits
Red Hat would like to thank Paul Holzinger for reporting this issue.