Multiple vulnerabilities in Kata Containers



Published: 2020-05-19 | Updated: 2020-08-05
Risk: High
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2020-2025, CVE-2020-2024
CWE-ID: CWE-59
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: Kata Containers (Server applications / Virtualization software)
Vendor: Kata Containers

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Preservation of Permissions

EUVDB-ID: #VU33995

Risk: High

CVSSv3.1: 7.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2025

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to take over all guest operating systems on the hypervisor.

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Kata Containers: 1.9.3 - 1.10.6

External links

http://github.com/kata-containers/runtime/pull/2487


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Link following

EUVDB-ID: #VU33996

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2024

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentially resulting in a host DoS.
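The Go code below is an added example, not code from Kata Containers or from the linked fix. It shows the kind of check a teardown routine can run so that a link planted in a guest-writable directory is not followed before an unmount. The function name, the `shared` directory layout and the sample paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// checkUnmountTarget (hypothetical helper, not Kata's code) returns the resolved
// path only if target is not a symlink and resolves strictly inside base.
func checkUnmountTarget(base, target string) (string, error) {
	realBase, err := filepath.EvalSymlinks(base)
	if err != nil {
		return "", fmt.Errorf("resolve base: %w", err)
	}
	// Lstat does not follow the final component, so a planted link is seen as a link.
	fi, err := os.Lstat(target)
	if err != nil {
		return "", fmt.Errorf("lstat target: %w", err)
	}
	if fi.Mode()&os.ModeSymlink != 0 {
		return "", fmt.Errorf("%s is a symlink, refusing to unmount", target)
	}
	// Resolve links in intermediate components and require containment in base.
	real, err := filepath.EvalSymlinks(target)
	if err != nil {
		return "", fmt.Errorf("resolve target: %w", err)
	}
	rel, err := filepath.Rel(realBase, real)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%s resolves outside %s", target, base)
	}
	return real, nil
}

func main() {
	// Constructed layout: shared/rootfs is real, shared/evil links outside the tree.
	root, _ := os.MkdirTemp("", "unmount-demo")
	defer os.RemoveAll(root)
	base := filepath.Join(root, "shared")
	os.MkdirAll(filepath.Join(base, "rootfs"), 0o755)
	os.Symlink(root, filepath.Join(base, "evil"))
	for _, name := range []string{"rootfs", "evil"} {
		_, err := checkUnmountTarget(base, filepath.Join(base, name))
		fmt.Printf("%-6s -> %v\n", name, err)
	}
}
```

A check followed by a separate unmount call is still racy; on Linux the `UMOUNT_NOFOLLOW` flag of `umount2(2)` makes the kernel refuse a symlink at the final path component.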

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Kata Containers: 1.9.3 - 1.10.6

External links

http://github.com/kata-containers/runtime/issues/2474
http://github.com/kata-containers/runtime/pull/2475


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


