How severe is CVE-2024-23651?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2024-23651?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2024-23651 - HIGH Severity | CVSS 7.4

Vulnerability Description

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.

Related Vulnerabilities

CVE-2013-1278

HIGH

CVSS:7.4(High)

Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server...

CWE-3622013

CVE-2013-1292

HIGH

CVSS:7.4(High)

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT ...

CWE-3622013

CVE-2016-2069

HIGH

CVSS:7.4(High)

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

CWE-3622016

CVE-2017-12410

HIGH

CVSS:7.4(High)

It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its bina...

CWE-3622017

CVE-2019-15879

HIGH

CVSS:7.4(High)

In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel...

CWE-3622019

CVE-2019-2213

HIGH

CVSS:7.4(High)

In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. Use...

CWE-3622019