CVE-2020-2025
Kata Containers - Cloud Hypervisor guests persist filesystem changes to the underlying host image file
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.
Kata Containers versiones anteriores a 1.11.0, en Cloud Hypervisor persisten cambios del sistema de archivos invitado en el archivo de imagen subyacente en el host. Un invitado malicioso puede sobrescribir el archivo de imagen para conseguir el control de todas las posteriores Máquinas Virtuales invitadas. Ya que Kata Containers usa el mismo archivo de imagen de la VM con todos los VMM, este problema también puede afectar a los invitados basados en QEMU y Firecracker.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-04 CVE Reserved
- 2020-05-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-281: Improper Preservation of Permissions
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/kata-containers/runtime/pull/2487 | 2020-05-21 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Katacontainers Search vendor "Katacontainers" | Runtime Search vendor "Katacontainers" for product "Runtime" | < 1.11.0 Search vendor "Katacontainers" for product "Runtime" and version " < 1.11.0" | - |
Affected
| ||||||