UBUNTU-CVE-2024-36621

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2024-36621
Downstream
USN-7474-1
Published: 29 Nov 2024, 18:15
Last modified:20 May 2026, 16:17

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

29 Nov 2024, 18:15
Published
Vulnerability first disclosed
20 May 2026, 16:17
Last Modified
Vulnerability information updated

Description

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

  • ubuntudocker.io

    all | < 20.10.21-0ubuntu1~18.04.3+esm3 | < 20.10.21-0ubuntu1~20.04.6+esm2 | < 20.10.21-0ubuntu1~22.04.7+esm2 | < 20.10.25+dfsg1-2ubuntu1+esm2 | all | all

  • ubuntudocker.io-app

    < 26.1.3-0ubuntu1~20.04.1+esm1 | < 27.5.1-0ubuntu3~22.04.2 | < 27.5.1-0ubuntu3~24.04.2

References (4)