Bugzilla – Bug 1172090
VUL-0: CVE-2020-2025: katacontainers: a malicious guest can overwrite the image file to gain control of all subsequent guest VMs
Last modified: 2020-05-28 16:05:43 UTC
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem
changes to the underlying image file on the host. A malicious guest can
overwrite the image file to gain control of all subsequent guest VMs. Since Kata
Containers uses the same VM image file with all VMMs, this issue may also affect
QEMU and Firecracker based guests.
Hey Ralf, do you wanna take care of this? :)
This bug is only relevant when using "cloud-hypervisor". Currently we don't ship that with opensuse. Neither are our katacontainers packages enabled to be used with cloud-hypervisor.
Note: I'll update our packages to 1.11.0 anyways in order to address: bug#1172092