An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.
References
Link | Resource |
---|---|
https://github.com/kata-containers/runtime/issues/2474 | Third Party Advisory |
https://github.com/kata-containers/runtime/pull/2475 | Patch Third Party Advisory |
https://github.com/kata-containers/runtime/issues/2474 | Third Party Advisory |
https://github.com/kata-containers/runtime/pull/2475 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 05:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/kata-containers/runtime/issues/2474 - Third Party Advisory | |
References | () https://github.com/kata-containers/runtime/pull/2475 - Patch, Third Party Advisory |
Information
Published : 2020-05-19 21:15
Updated : 2024-11-21 05:24
NVD link : CVE-2020-2024
Mitre link : CVE-2020-2024
CVE.ORG link : CVE-2020-2024
JSON object : View
Products Affected
katacontainers
- runtime
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')