CVE-2024-3056

Name of the Vulnerable Software and Affected Versions: Podman (affected versions not specified)

Description: A flaw in Podman may allow an attacker to create a specially crafted container that can exhaust resources in /dev/shm by creating a large number of IPC resources. This can lead to a memory-based denial of service of the system, especially when a container is configured to restart always, such as with podman run --restart=always. The issue arises because the IPC resources created by the malicious container are not removed even after the container is out-of-memory (OOM) killed, as they are tied to an IPC namespace that remains open until all using containers are stopped.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.