GO-2024-2919 — Vulnetix

GO-2024-2919 PUBLISHED

malicious container creates symlink "mtab" on the host External in github.com/cri-o/cri-o

Affected Products

Vendor	Product	Versions
github.com	cri-o/cri-o	1.28.6, 1.29.4, 1.30.0

Timeline

Jun 14, 2024 CVE Published
Mar 3, 2026 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Distribution Patch
May 1, 2026 Distribution Patch
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory
May 1, 2026 Security Advisory
May 1, 2026 Security Advisory
May 1, 2026 Security Advisory
May 1, 2026 Security Advisory

References

https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-5154 advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2280190 url
https://access.redhat.com/errata/RHSA-2024:3676 advisory
https://access.redhat.com/errata/RHSA-2024:3700 advisory
https://access.redhat.com/errata/RHSA-2024:4008 advisory
https://access.redhat.com/errata/RHSA-2024:4486 advisory
https://access.redhat.com/security/cve/CVE-2024-5154 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›