An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.
References
Link | Resource |
---|---|
https://github.com/kata-containers/runtime/issues/2474 | Third Party Advisory |
https://github.com/kata-containers/runtime/pull/2475 | Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-05-19 21:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-2024
Mitre link : CVE-2020-2024
CVE.ORG link : CVE-2020-2024
JSON object : View
Products Affected
katacontainers
- runtime
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')