VDB
RHSA-2025%3A3577
RHSA-2025%3A3577
PUBLISHED
CVSS 8.600000381469727 HIGH
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-cluster-autoscaler-rhel9-operator@sha256:ff3359320e77028239667a0558f5b7805e0a7091f8b077c7244fc9338fbfdbaf_s390x as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-cluster-autoscaler-rhel9-operator@sha256:ff3359320e77028239667a0558f5b7805e0a7091f8b077c7244fc9338fbfdbaf_s390x, openshift4/ose-cluster-autoscaler-rhel9-operator@sha256:ff3359320e77028239667a0558f5b7805e0a7091f8b077c7244fc9338fbfdbaf_s390x, openshift4/ose-cluster-autoscaler-rhel9-operator@sha256:ff3359320e77028239667a0558f5b7805e0a7091f8b077c7244fc9338fbfdbaf_s390x |
| Red Hat | openshift4/ose-machine-os-images-rhel9@sha256:5456adb3ce33597c8c8840ae96de307a8e9c2e786f3361a041f7c9347a4da374_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-machine-os-images-rhel9@sha256:5456adb3ce33597c8c8840ae96de307a8e9c2e786f3361a041f7c9347a4da374_arm64, *, * |
| Red Hat | openshift4/ose-cluster-image-registry-rhel9-operator@sha256:007b3c858806226f061b648dae6f3ac1e9e26263f21ee189c59311a67241bafe_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-cluster-image-registry-rhel9-operator@sha256:007b3c858806226f061b648dae6f3ac1e9e26263f21ee189c59311a67241bafe_amd64, openshift4/ose-cluster-image-registry-rhel9-operator@sha256:007b3c858806226f061b648dae6f3ac1e9e26263f21ee189c59311a67241bafe_amd64, openshift4/ose-cluster-image-registry-rhel9-operator@sha256:007b3c858806226f061b648dae6f3ac1e9e26263f21ee189c59311a67241bafe_amd64 |
| Red Hat | openshift4/ose-multus-cni-rhel9@sha256:ed51c8ccac68d34e402a67b04b192f562f8de41b61428d330fb084c018e319c3_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-multus-cni-rhel9@sha256:ed51c8ccac68d34e402a67b04b192f562f8de41b61428d330fb084c018e319c3_ppc64le, *, * |
| Red Hat | openshift4/ose-cluster-autoscaler-rhel9@sha256:2caa0be83ef07eb485ad02117d42a55969cd068239a7c00e340721728264bba6_s390x as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-cluster-autoscaler-rhel9@sha256:2caa0be83ef07eb485ad02117d42a55969cd068239a7c00e340721728264bba6_s390x, *, openshift4/ose-cluster-autoscaler-rhel9@sha256:2caa0be83ef07eb485ad02117d42a55969cd068239a7c00e340721728264bba6_s390x |
| Red Hat | openshift4/ose-kube-rbac-proxy-rhel9@sha256:c386be79fb9ad878d4e1b978f47b81595d5ae31d2c25bf1d22c60f86e603e224_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-kube-rbac-proxy-rhel9@sha256:c386be79fb9ad878d4e1b978f47b81595d5ae31d2c25bf1d22c60f86e603e224_arm64, openshift4/ose-kube-rbac-proxy-rhel9@sha256:c386be79fb9ad878d4e1b978f47b81595d5ae31d2c25bf1d22c60f86e603e224_arm64, openshift4/ose-kube-rbac-proxy-rhel9@sha256:c386be79fb9ad878d4e1b978f47b81595d5ae31d2c25bf1d22c60f86e603e224_arm64 |
| Red Hat | openshift4/aws-kms-encryption-provider-rhel9@sha256:37412c8d9f5e3b0f4ff07ad94993a13407502bd8f5e1f83f80e292356742d29d_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/aws-kms-encryption-provider-rhel9@sha256:37412c8d9f5e3b0f4ff07ad94993a13407502bd8f5e1f83f80e292356742d29d_arm64, openshift4/aws-kms-encryption-provider-rhel9@sha256:37412c8d9f5e3b0f4ff07ad94993a13407502bd8f5e1f83f80e292356742d29d_arm64, openshift4/aws-kms-encryption-provider-rhel9@sha256:37412c8d9f5e3b0f4ff07ad94993a13407502bd8f5e1f83f80e292356742d29d_arm64 |
| Red Hat | openshift4/ose-openshift-state-metrics-rhel9@sha256:f3aea01e0d3f8598f9d7107ba83cf7afe4b6099c8881b9a4373b767bdf0928c2_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-openshift-state-metrics-rhel9@sha256:f3aea01e0d3f8598f9d7107ba83cf7afe4b6099c8881b9a4373b767bdf0928c2_arm64, openshift4/ose-openshift-state-metrics-rhel9@sha256:f3aea01e0d3f8598f9d7107ba83cf7afe4b6099c8881b9a4373b767bdf0928c2_arm64, openshift4/ose-openshift-state-metrics-rhel9@sha256:f3aea01e0d3f8598f9d7107ba83cf7afe4b6099c8881b9a4373b767bdf0928c2_arm64 |
| Red Hat | openshift4/ose-cluster-network-rhel9-operator@sha256:d1c94c6381cd5b28868eee78833c8f4f1e7acd9f0db5535b352862dbcbf063d6_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | *, openshift4/ose-cluster-network-rhel9-operator@sha256:d1c94c6381cd5b28868eee78833c8f4f1e7acd9f0db5535b352862dbcbf063d6_arm64, openshift4/ose-cluster-network-rhel9-operator@sha256:d1c94c6381cd5b28868eee78833c8f4f1e7acd9f0db5535b352862dbcbf063d6_arm64 |
| Red Hat | openshift4/ose-cluster-config-api-rhel9@sha256:f49572fc336168e8894319c83d4542097461e07dc059275a82291037977b1d7e_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-cluster-config-api-rhel9@sha256:f49572fc336168e8894319c83d4542097461e07dc059275a82291037977b1d7e_amd64, openshift4/ose-cluster-config-api-rhel9@sha256:f49572fc336168e8894319c83d4542097461e07dc059275a82291037977b1d7e_amd64, openshift4/ose-cluster-config-api-rhel9@sha256:f49572fc336168e8894319c83d4542097461e07dc059275a82291037977b1d7e_amd64 |
| Red Hat | openshift4/ose-multus-networkpolicy-rhel9@sha256:cd5aef85885c672f525b762b4bdacf8dcb41709dd2727de2d0732b846e28b78c_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-multus-networkpolicy-rhel9@sha256:cd5aef85885c672f525b762b4bdacf8dcb41709dd2727de2d0732b846e28b78c_arm64, openshift4/ose-multus-networkpolicy-rhel9@sha256:cd5aef85885c672f525b762b4bdacf8dcb41709dd2727de2d0732b846e28b78c_arm64, openshift4/ose-multus-networkpolicy-rhel9@sha256:cd5aef85885c672f525b762b4bdacf8dcb41709dd2727de2d0732b846e28b78c_arm64 |
| Red Hat | openshift4/frr-rhel9@sha256:86d73a4bc269b32f442db9a957ab879494684f5c80e770095a526bcef4e590c8_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | *, openshift4/frr-rhel9@sha256:86d73a4bc269b32f442db9a957ab879494684f5c80e770095a526bcef4e590c8_arm64, openshift4/frr-rhel9@sha256:86d73a4bc269b32f442db9a957ab879494684f5c80e770095a526bcef4e590c8_arm64 |
| Red Hat | openshift4/ose-cluster-version-rhel9-operator@sha256:176ffe06131487190ce1d1887a41a6ab7ff0d0693e1896e85b53574251b4ae67_s390x as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-cluster-version-rhel9-operator@sha256:176ffe06131487190ce1d1887a41a6ab7ff0d0693e1896e85b53574251b4ae67_s390x, openshift4/ose-cluster-version-rhel9-operator@sha256:176ffe06131487190ce1d1887a41a6ab7ff0d0693e1896e85b53574251b4ae67_s390x, openshift4/ose-cluster-version-rhel9-operator@sha256:176ffe06131487190ce1d1887a41a6ab7ff0d0693e1896e85b53574251b4ae67_s390x |
| Red Hat | openshift4/ose-olm-catalogd-rhel9@sha256:697a2ffb1e23f8916f6d25918f155a639386e44bcf15e77b2372f9ea26ebb436_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-olm-catalogd-rhel9@sha256:697a2ffb1e23f8916f6d25918f155a639386e44bcf15e77b2372f9ea26ebb436_ppc64le, *, * |
| Red Hat | openshift4/ose-openstack-cinder-csi-driver-rhel9@sha256:f6eb1f64ce3b66dd49ae8f6f4aa45d0fbe39e9b993843c4575b0c49f02309f3e_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-openstack-cinder-csi-driver-rhel9@sha256:f6eb1f64ce3b66dd49ae8f6f4aa45d0fbe39e9b993843c4575b0c49f02309f3e_ppc64le, *, openshift4/ose-openstack-cinder-csi-driver-rhel9@sha256:f6eb1f64ce3b66dd49ae8f6f4aa45d0fbe39e9b993843c4575b0c49f02309f3e_ppc64le |
| Red Hat | openshift4/ose-baremetal-rhel9-operator@sha256:51ff38284e58003e68400759a60aec90a34423b1c33d8c022f08227286a67fef_s390x as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-baremetal-rhel9-operator@sha256:51ff38284e58003e68400759a60aec90a34423b1c33d8c022f08227286a67fef_s390x, *, openshift4/ose-baremetal-rhel9-operator@sha256:51ff38284e58003e68400759a60aec90a34423b1c33d8c022f08227286a67fef_s390x |
| Red Hat | openshift4/ose-csi-livenessprobe-rhel9@sha256:ee2c58e4a6144340dd78d21f062a0fba3ee50cfda4e95848298cbd4febe83ab7_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-csi-livenessprobe-rhel9@sha256:ee2c58e4a6144340dd78d21f062a0fba3ee50cfda4e95848298cbd4febe83ab7_arm64, openshift4/ose-csi-livenessprobe-rhel9@sha256:ee2c58e4a6144340dd78d21f062a0fba3ee50cfda4e95848298cbd4febe83ab7_arm64, * |
| Red Hat | openshift4/ose-csi-external-snapshotter-rhel9@sha256:45870b4d65bee884a54f3ff6818ff6eb90acd95e581f428cf761257c2394f2ec_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-csi-external-snapshotter-rhel9@sha256:45870b4d65bee884a54f3ff6818ff6eb90acd95e581f428cf761257c2394f2ec_arm64, *, openshift4/ose-csi-external-snapshotter-rhel9@sha256:45870b4d65bee884a54f3ff6818ff6eb90acd95e581f428cf761257c2394f2ec_arm64 |
| Red Hat | openshift4/ose-cluster-csi-snapshot-controller-rhel9-operator@sha256:e74b5b4d674a534d2bd325836337801412c450478238ff15d812c02955186fd2_s390x as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-cluster-csi-snapshot-controller-rhel9-operator@sha256:e74b5b4d674a534d2bd325836337801412c450478238ff15d812c02955186fd2_s390x, openshift4/ose-cluster-csi-snapshot-controller-rhel9-operator@sha256:e74b5b4d674a534d2bd325836337801412c450478238ff15d812c02955186fd2_s390x, * |
| Red Hat | openshift4/ose-baremetal-rhel9-operator@sha256:de5197d3b7d8394b9ad046074f4da08f4b0806fe9d1bc7eb2018439f85289da7_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | openshift4/ose-baremetal-rhel9-operator@sha256:de5197d3b7d8394b9ad046074f4da08f4b0806fe9d1bc7eb2018439f85289da7_arm64, openshift4/ose-baremetal-rhel9-operator@sha256:de5197d3b7d8394b9ad046074f4da08f4b0806fe9d1bc7eb2018439f85289da7_arm64, * |
…and 1272 more
Timeline
- Apr 10, 2025 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:3577 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2326231 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2346112 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2354195 issue
- https://issues.redhat.com/browse/OCPBUGS-44769 advisory
- https://issues.redhat.com/browse/OCPBUGS-52494 advisory
- https://issues.redhat.com/browse/OCPBUGS-52496 advisory
- https://issues.redhat.com/browse/OCPBUGS-52949 advisory
- https://issues.redhat.com/browse/OCPBUGS-53080 advisory
- https://issues.redhat.com/browse/OCPBUGS-53345 advisory
- https://issues.redhat.com/browse/OCPBUGS-53371 advisory
- https://issues.redhat.com/browse/OCPBUGS-53388 advisory
- https://issues.redhat.com/browse/OCPBUGS-53453 advisory
- https://issues.redhat.com/browse/OCPBUGS-54205 advisory
- https://issues.redhat.com/browse/OCPBUGS-54269 advisory
- https://issues.redhat.com/browse/OCPBUGS-54355 advisory
- https://issues.redhat.com/browse/OCPBUGS-54462 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3577.json advisory
- https://access.redhat.com/security/cve/CVE-2024-11218 advisory
…and 12 more