Cyber Resilience

CVE-2024-11218

Severity: High · Type: LPE (local privilege escalation)

Published: 22 January 2025

Modified: 15 April 2026
CVSS Score (v3.1): 8.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0017 (37.6th percentile)
Risk Priority: 17 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11218 is a high-severity Improper Privilege Management (CWE-269) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). Its EPSS score ranks at the 37.6th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2024-11218 is a vulnerability affecting the `podman build` and `buildah` commands. It enables a container breakout through a race condition that is triggered when a malicious Containerfile is built with the `--jobs=2` option. SELinux may provide partial mitigation, but even with SELinux enabled the flaw still permits enumeration of files and directories on the host. Published on 2025-01-22, the vulnerability carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-269.

A local attacker with no privileges can exploit this issue by tricking a user into running `podman build` or `buildah` with the `--jobs=2` flag on a crafted Containerfile, so user interaction is required. Successful exploitation results in a container breakout with high impact on confidentiality, integrity, and availability, including the ability to enumerate host files and directories despite SELinux protections.

Red Hat has issued patches via multiple errata addressing this vulnerability, including RHSA-2025:0830, RHSA-2025:0878, RHSA-2025:0922, RHSA-2025:0923, and RHSA-2025:1186. Security practitioners should review and apply these updates to affected systems running vulnerable versions of podman or buildah.

Vulnerability details

A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

CWE(s)

CWE-269 Improper Privilege Management

Related Threats

MITRE ATT&CK Enterprise Techniques

T1611 Escape to Host (Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.

Why this technique?

Direct container escape via race condition in build tools enables host access and file enumeration.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-44543 (shared CWE-269)
CVE-2025-34204 (shared CWE-269)
CVE-2025-15547 (shared CWE-269)
CVE-2026-4880 (shared CWE-269)
CVE-2024-44250 (shared CWE-269)
CVE-2024-53706 (shared CWE-269)
CVE-2024-53350 (shared CWE-269)
CVE-2026-2931 (shared CWE-269)
CVE-2025-66374 (shared CWE-269)
CVE-2026-26725 (shared CWE-269)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly remediates the race condition vulnerability in `podman build` and `buildah` by applying vendor-issued patches such as the RHSA-2025 errata.

Process isolation (prevent): Enforces process isolation for containers to mitigate breakout attempts triggered by the race condition during image builds.

CM-7 Least Functionality (prevent): Limits podman and buildah to least functionality by disabling unnecessary parallel job features such as `--jobs=2` that trigger the race condition.