AZL-50103 CVE-2024-9341 affecting package cri-o for versions less than 1.22.3-9

🗓️ 01 Oct 2024 19:15:09Reported by GoogleType

osv🔗 osv.dev👁 1 Views

FIPS mode flaw in Go library lets symbolic links mount host directories in containers, breaching isolation in cri-o before 1.22.3-9.

Reporter	Title	Published	Views	Family All 256
IBM Security Bulletins	Security Bulletin: Additional security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2025.	3 May 202505:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to gcc, github.com/opencontainers/runc and github.com/containers/common (CVE-2024-45310, CVE-2020-11023, CVE-2024-9341)	25 Mar 202512:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak	9 Jun 202519:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	5 Jun 202506:12	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0241: container-tools:rhel8 (ALINUX3-SA-2024:0241)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : podman (ALSA-2024:8039)	15 Oct 202400:00	–	nessus
Tenable Nessus	AlmaLinux 9 : buildah (ALSA-2024:8112)	16 Oct 202400:00	–	nessus
Tenable Nessus	AlmaLinux 8 : container-tools:rhel8 (ALSA-2024:8846)	6 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 40 : buildah / podman (2024-054752ae69)	12 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 41 : buildah / podman (2024-2e8c63e8bf)	14 Nov 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-9341

21 Apr 2026 04:30Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.18.2

EPSS0.0099