Red Hat Podman and Buildah Container Breakout Vulnerability

Vulnerability

A container breakout vulnerability has been identified in Red Hat Podman and Buildah. The issue is a race condition that occurs when a malicious Containerfile is built with the '--jobs=2' option. Although SELinux may partially mitigate the issue, the vulnerability still permits the enumeration of files and directories on the host.

Impact

Exploitation of this vulnerability can give a process inside the container unauthorized access to the host's filesystem, allowing sensitive host files to be read or written. The impact is particularly severe when the build runs under a root-owned Podman service that unprivileged users can reach, since the build could then read or write high-privilege files such as setuid executables.

Reproduction

To reproduce this vulnerability, build a Containerfile crafted to exploit the race condition, using the '--jobs=2' option with Podman or Buildah. The timing of the parallel build is what allows the malicious Containerfile to reach sensitive files on the host.

Remediation

Upgrade to the latest versions of Podman and Buildah, which include the fix. Instructions for applying these updates are available on the Red Hat Customer Portal.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 3.3
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.