CVE-2024-9675

Name: CVE-2024-9675
Creator: NVD / NIST
Published: 2024-10-09T15:15:17.837+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.4/10EPSS 0.39%

Last modified Jun 25, 2026

CVE-2024-9675 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Metrics

CVSS 3.1

4.4/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Probability

0.39%

30.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Buildah Project	Buildah	All versions
Redhat	Openshift Container Platform	4.13
Redhat	Openshift Container Platform	4.14
Redhat	Openshift Container Platform	4.15
Redhat	Openshift Container Platform	4.16
Redhat	Openshift Container Platform	4.17
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux Eus	8.8
Redhat	Enterprise Linux Eus	9.0
Redhat	Enterprise Linux Eus	9.2
Redhat	Enterprise Linux Eus	9.4
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Arm 64	9.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	8.8_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.2_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.4_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems	9.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.8_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.2_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.4_s390x
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian	9.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	8.8_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.2_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.4_ppc64le
Redhat	Enterprise Linux Server Aus	8.6
Redhat	Enterprise Linux Server Aus	9.2
Redhat	Enterprise Linux Server Aus	9.4
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.6_ppc64le
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.8_ppc64le
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.0_ppc64le
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.2_ppc64le
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.4_ppc64le
Redhat	Enterprise Linux Server Tus	8.6
Redhat	Enterprise Linux Server Tus	8.8
Redhat	Enterprise Linux Update Services For Sap Solutions	8.6
Redhat	Enterprise Linux Update Services For Sap Solutions	8.8
Redhat	Enterprise Linux Update Services For Sap Solutions	9.0
Redhat	Enterprise Linux Update Services For Sap Solutions	9.2
Redhat	Enterprise Linux Update Services For Sap Solutions	9.4

References

https://access.redhat.com/errata/RHSA-2024:8563Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8675Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8679Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8686Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8690Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8700Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8703Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8707Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8708Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8709Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8846Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8984Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:8994Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9051Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9454Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9459Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2445Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2449Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2454Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2701Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2710Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3301Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3573Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-9675Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2317458Issue Tracking

Timeline

Published: Oct 9, 2024
Last Modified: Jun 25, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-9675?

How severe is CVE-2024-9675?

CVE-2024-9675 has a CVSS score of 4.4/10 (MEDIUM severity). The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.

How do I fix CVE-2024-9675?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-9675?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST