Kata Containers doesnt restrict containers from accessing the guests root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Runtime | Katacontainers | * | 1.9 (including) |
Runtime | Katacontainers | 1.10 (including) | 1.10.5 (excluding) |
Runtime | Katacontainers | 1.11 (including) | 1.11.1 (excluding) |