alpine · CVE-2024-9341

Quick triage

Priority: not assigned Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2024-9341: 2 source package rows (buildah, podman); 10 state rows across 4 repos (3.20-community, 3.21-community, 3.22-community, edge-community); fixed 10, open 0.

Description:

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

cvelogic Threat Intelligence