CVE-2020-2023

Summary

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Affected Software

VendorProductVersion RangeStatus
Kata ContainersKata Containers1.11 < 1.11.1affected
Kata ContainersKata Containers1.10 < 1.10.5affected
Kata ContainersKata Containers1 <= 1.9affected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

ADP Enrichment

CVE Program Container

Additional References

References