Kata Containers Runtime: Host block device can be hotplugged to the VM if the container image is malformed or contains no layers

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter directory for the container rootfs. When the Kata runtime attempts to mount the container rootfs, the bind mount causes the rootfs to be detected as a block device, leading to the underlying device being hotplugged to the guest. This can cause filesystem-level errors on the host due to double inode allocation, and may lead to the host's block device being mounted as read-only. Version 3.26.0 contains a patch for the issue.

N/A

对因果或异常条件的不恰当检查

Kata Containers 代码问题漏洞

Kata Containers是Kata Containers社区的一款开源的轻量级虚拟机构建程序。 Kata Containers 3.26.0之前版本存在代码问题漏洞，该漏洞源于处理畸形容器镜像时回退绑定空目录，可能导致主机文件系统错误和块设备被挂载为只读。

N/A

N/A