Kata Container to Guest micro VM privilege escalation

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

关键资源的不正确权限授予

Kata Containers 安全漏洞

Kata Containers是Kata Containers社区的一款开源的轻量级虚拟机构建程序。 Kata Containers 3.27.0之前版本存在安全漏洞，该漏洞源于与Cloud Hypervisor交互时的问题，可能导致容器用户修改Guest微VM使用的文件系统，最终在该VM中以root权限执行任意代码。

N/A

N/A