SB2020061058 - Multiple vulnerabilities in Runtime
Published: June 10, 2020 Updated: May 9, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2020-2023)
The vulnerability allows a local authenticated user to read and manipulate data.
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.
2) Link following (CVE-ID: CVE-2020-2026)
The vulnerability allows a local authenticated user to execute arbitrary code.
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.
Remediation
Install update from vendor's website.
References
- https://github.com/kata-containers/agent/issues/791
- https://github.com/kata-containers/agent/pull/792
- https://github.com/kata-containers/runtime/issues/2488
- https://github.com/kata-containers/runtime/pull/2477
- https://github.com/kata-containers/runtime/pull/2487
- https://github.com/kata-containers/runtime/releases/tag/1.10.5
- https://github.com/kata-containers/runtime/releases/tag/1.11.1
- https://github.com/kata-containers/runtime/issues/2712
- https://github.com/kata-containers/runtime/pull/2713