PT-2020-15250 · Kata Containers · Kata Containers
Bergwolf
·
Published
2020-06-10
·
Updated
2022-11-16
·
CVE-2020-2026
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kata Containers versions prior to 1.11.1
Kata Containers versions prior to 1.10.5
Kata Containers version 1.9 and earlier
Description
A malicious guest compromised before a container creation, such as a malicious guest image or a guest running multiple containers, can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host.
Recommendations
For Kata Containers versions prior to 1.11.1, update to version 1.11.1 or later.
For Kata Containers versions prior to 1.10.5, update to version 1.10.5 or later.
For Kata Containers version 1.9 and earlier, update to a version later than 1.9.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kata Containers