CVE-2024-3056: Uncontrolled Resource Consumption in Containers Podman

Severity
NVD: 4.8 MEDIUM
CNA: 7.7
EPSS
0.4% (top 42.04%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 2
Latest update: Aug 6

Description

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.2 | Impact: 3.6

Affected Packages (6 packages)

Also affects: Openshift Container Platform 4.0, Fedora 40, Enterprise Linux 8.0, 9.0

Vulnerability Details (5)

OSV: Podman vulnerable to memory-based denial of service in github.com/containers/podman (2024-08-06)
CVEList: Podman: kernel: containers in shared IPC namespace are vulnerable to denial of service attack (2024-08-02)
GHSA: Podman vulnerable to memory-based denial of service (2024-08-02)
OSV: Podman vulnerable to memory-based denial of service (2024-08-02)
OSV: CVE-2024-3056: A flaw was found in Podman (2024-08-02)

Vendor Advisories (1)

Red Hat: podman: kernel: containers in shared IPC namespace are vulnerable to denial of service attack (2024-07-25)

Community (1)

Bugzilla: CVE-2024-3056 podman: kernel: containers in shared IPC namespace are vulnerable to denial of service attack (2024-03-21)