Vulnerabilities (CVE)

Filtered by vendor Katacontainers Subscribe
Filtered by product Runtime
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-2026 2 Fedoraproject, Katacontainers 2 Fedora, Runtime 2024-11-21 4.6 MEDIUM 7.8 HIGH
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.
CVE-2020-2025 1 Katacontainers 1 Runtime 2024-11-21 4.6 MEDIUM 8.8 HIGH
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.
CVE-2020-2024 1 Katacontainers 1 Runtime 2024-11-21 2.1 LOW 6.5 MEDIUM
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.
CVE-2020-2023 1 Katacontainers 1 Runtime 2024-11-21 4.6 MEDIUM 3.8 LOW
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.