RSS   Vulnerabilities for 'Runtime'   RSS

2020-05-19
 
CVE-2020-2025

CWE-281
 

 
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.

 
 
CVE-2020-2024

CWE-59
 

 
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.

 

 >>> Vendor: Katacontainers 2 Products
Runtime
Kata containers


Copyright 2024, cxsecurity.com

 

Back to Top