CVEFinder.io

CVE-2024-3056

⚠ī¸ high
🔍 Scan for this CVE
Summary

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed

Description

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system.

CVSS Score
7.7
High
EPSS Score
0.4
Exploit Probability
Published Date
2024-08-02
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.6% of all 328,009 vulnerabilities in our database.

#99,625
Above average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Aug 3, 2024
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2024-12-27
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:H
CWE IDs (Weakness Types)
CWE-400

đŸ“Ļ Affected Products 5

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
fedoraproject fedora Affected
v40
redhat openshift_container_platform Affected
v4.0
podman_project podman Affected
≤ 5.2.0

🔗 References 3

https://access.redhat.com/security/cve/CVE-2024-3056
Third Party Advisory Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2270717
Issue Tracking
https://security.netapp.com/advisory/ntap-20241227-0...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-1766 đŸ”ļ medium 5.6 0.2 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke... 2026-06-16
CVE-2026-1767 đŸ”ļ medium 5.6 0.2 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` compo... 2026-06-16
CVE-2026-11785 đŸ”ļ medium 4.3 0.2 A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial st... 2026-06-09
CVE-2026-11786 ℹī¸ low 1.9 0.2 A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute ... 2026-06-09
CVE-2026-11787 đŸ”ļ medium 5.0 0.2 A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without ... 2026-06-09
CVE-2026-11788 đŸ”ļ medium 5.9 0.4 A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before us... 2026-06-09
These CVEs affect the same products