PT-2020-15249 · Kata Containers+2
Published: 2020-05-19 · Updated: 2021-08-24
CVE-2020-2025
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Kata Containers versions prior to 1.11.0
Description
The issue allows a malicious guest to persist filesystem changes to the underlying image file on the host, potentially gaining control of subsequent guest VMs. This is particularly concerning because Kata Containers uses the same VM image file across different VMMs, so QEMU- and Firecracker-based guests may also be impacted.
Recommendations
For versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue.
Fix
Improper Access Control
Improper Preservation of Permissions
Related Identifiers
Affected Products
Firecracker
Kata Containers
Qemu