PT-2020-20207 · Kubernetes+1 · Kubernetes+1
Kebe Liu · Published 2020-07-15 · Updated 2025-08-08 · CVE-2020-8557
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Kubernetes versions 1.1 through 1.16.12
Kubernetes versions 1.17.0 through 1.17.8
Kubernetes versions 1.18.0 through 1.18.5
Description
The issue concerns the kubelet component of Kubernetes, which fails to account for disk usage by a pod that writes to its own /etc/hosts file. The /etc/hosts file that the kubelet mounts into a pod is not included in the kubelet eviction manager's calculation of ephemeral storage usage. A pod could therefore fill the node's storage space and cause the node to fail.
Recommendations
For Kubernetes versions 1.1 through 1.16.12, consider restricting access to the /etc/hosts file to prevent excessive writing.
For Kubernetes versions 1.17.0 through 1.17.8, consider implementing a workaround to monitor and limit disk usage by pods.
For Kubernetes versions 1.18.0 through 1.18.5, consider disabling the writing of large amounts of data to the /etc/hosts file until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
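One way to do the monitoring recommended above is to check each node for kubelet-managed hosts files that have grown abnormally large. The script below is an added example, not part of the original advisory or of Kubernetes. It assumes the kubelet's default root directory `/var/lib/kubelet`, with each pod's managed hosts file at `pods/<pod-uid>/etc-hosts`; the function name and the 1 MiB default threshold are hypothetical choices.

```shell
#!/bin/sh
# Added example: report kubelet-managed hosts files larger than a threshold.
# Assumption: the kubelet keeps each pod's managed hosts file at
#   <kubelet-root>/pods/<pod-uid>/etc-hosts   (default root: /var/lib/kubelet)
# Usage (after sourcing this file): find_large_etc_hosts /var/lib/kubelet 1048576

# find_large_etc_hosts [ROOT] [LIMIT_BYTES]
# Prints "<pod-uid> <bytes>" for every etc-hosts file larger than LIMIT_BYTES.
# Returns 0 when the scan completed, 2 on a bad argument or missing directory.
find_large_etc_hosts() {
    root=${1:-/var/lib/kubelet}
    limit=${2:-1048576}            # constructed default: 1 MiB

    case $limit in
        ''|*[!0-9]*) echo "limit must be an integer byte count" >&2; return 2 ;;
    esac
    [ -d "$root/pods" ] || { echo "no pods directory under $root" >&2; return 2; }

    for f in "$root"/pods/*/etc-hosts; do
        # Skip an unexpanded glob and anything that is not a plain regular file.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        size=$(wc -c < "$f") || continue
        size=$((size + 0))         # strip padding some wc implementations emit
        if [ "$size" -gt "$limit" ]; then
            pod_uid=$(basename "$(dirname "$f")")
            printf '%s %s\n' "$pod_uid" "$size"
        fi
    done
    return 0
}
```

A healthy managed hosts file holds only a few short lines, so any pod UID this prints is worth correlating with the pod's owner and the node's free disk space.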
Resource Exhaustion
Affected Products
Alt Linux
Kubernetes