Filesystem Access Flaw in KubeVirt Affects Red Hat Products
CVE-2020-14316

9.9CRITICAL

Key Information:

Vendor: Kubevirt
Status: Kubevirt
Vendor: CVE Published:; 29 July 2020

What is CVE-2020-14316?

A flaw in KubeVirt versions 0.29 and earlier allows Virtual Machine Instances (VMIs) to access the underlying host's filesystem. This vulnerability can be exploited to gain the privileges of the VM process running on the host system. An attacker may leverage this flaw to read or modify any file within the host environment, severely impacting data confidentiality, integrity, and system availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

kubevirt All versions before kubevirt 0.30.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1848951

x_refsource_MISC

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 29, 2020
Vulnerability Reserved
Jun 17, 2020

JSON

Kubevirt

What is CVE-2020-14316?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.