Kata Containers - Cloud Hypervisor guests persist filesystem changes to the underlying host image file
CVE-2020-2025

8.8HIGH

Key Information:

Vendor: Kata Containers
Status: Kata Containers
Vendor: CVE Published:; 19 May 2020

🔔 Create Kata Containers Vulnerability Alert

What is CVE-2020-2025?

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.

Affected Version(s)

Kata Containers < 1.11.0

References

https://github.com/kata-containers/runtime/pull/2487

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2020
Vulnerability Reserved
Dec 4, 2019

Credit

Yuval Avrahami, Palo Alto Networks

CVE-2020-2025 Data

JSON