CVE-2020-2024

An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.
Configurations

Configuration 1 (hide)

cpe:2.3:a:katacontainers:runtime:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:24

Type Values Removed Values Added
References () https://github.com/kata-containers/runtime/issues/2474 - Third Party Advisory () https://github.com/kata-containers/runtime/issues/2474 - Third Party Advisory
References () https://github.com/kata-containers/runtime/pull/2475 - Patch, Third Party Advisory () https://github.com/kata-containers/runtime/pull/2475 - Patch, Third Party Advisory

Information

Published : 2020-05-19 21:15

Updated : 2024-11-21 05:24


NVD link : CVE-2020-2024

Mitre link : CVE-2020-2024

CVE.ORG link : CVE-2020-2024


JSON object : View

Products Affected

katacontainers

  • runtime
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')