PT-2025-39220 · Unknown · Kata Containers

Published: 2025-09-23 · Updated: 2025-09-24 · CVE-2025-58354

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Kata Containers versions prior to 3.21.0

Description

Kata Containers is an open source project focused on lightweight Virtual Machines that function like containers. In versions prior to 3.21.0, a malicious host can bypass initdata verification. Specifically, on TDX systems running confidential guests, a malicious host can selectively fail Input/Output (IO) operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while successfully attesting to Trustee, impersonating a benign workload.

Recommendations

Update to Kata Containers version 3.21.0 or later.
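The weakness class named in this entry (Improper Check for Exceptional Conditions), shown as an added example that is not Kata Containers code: a verifier that treats a failed read as "nothing to verify" next to one that fails closed. The `HostControlledDisk` class, both function names, the sample payloads and the idea that the expected digest is already trusted by the guest are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the payload the guest expects and a swapped one.
BENIGN = b'policy = "benign-workload"'
SWAPPED = b'policy = "arbitrary-workload"'
EXPECTED = hashlib.sha256(BENIGN).hexdigest()  # assumed already trusted by the guest


class HostControlledDisk:
    """Hypothetical stand-in for a host-backed device: the host picks which reads succeed."""

    def __init__(self, data: bytes, fail_reads: bool = False):
        self.data = data
        self.fail_reads = fail_reads

    def read(self) -> bytes:
        if self.fail_reads:
            raise OSError(5, "Input/output error")  # error returned by the host
        return self.data


def _digest_matches(payload: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), expected_hex)


def verify_fail_open(disk: HostControlledDisk, expected_hex: str) -> bool:
    """Flawed pattern: an I/O error is handled as 'no data, nothing to check'."""
    try:
        payload = disk.read()
    except OSError:
        return True  # verification silently skipped, startup continues
    return _digest_matches(payload, expected_hex)


def verify_fail_closed(disk: HostControlledDisk, expected_hex: str) -> bool:
    """Hardened pattern: any exceptional condition counts as a failed check."""
    try:
        payload = disk.read()
    except OSError:
        return False  # unreadable data is unverified data
    return _digest_matches(payload, expected_hex)


if __name__ == "__main__":
    failing = HostControlledDisk(SWAPPED, fail_reads=True)
    print("fail-open accepts:  ", verify_fail_open(failing, EXPECTED))
    print("fail-closed accepts:", verify_fail_closed(failing, EXPECTED))
```

In the fail-open variant the digest comparison never runs when the read errors out, so the outcome is decided by whoever controls the I/O path rather than by the data.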

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2025-58354
GHSA-989W-4XR2-WW9M

Affected Products

Kata Containers