CVE-2020-8557

Summary

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetes1.15affected
KubernetesKubernetes1.14affected
KubernetesKubernetes1.13affected
KubernetesKubernetes1.12affected
KubernetesKubernetes1.11affected
KubernetesKubernetes1.10affected
KubernetesKubernetes1.9affected
KubernetesKubernetes1.8affected
KubernetesKubernetes1.7affected
KubernetesKubernetes1.6affected
KubernetesKubernetes1.5affected
KubernetesKubernetes1.4affected
KubernetesKubernetes1.3affected
KubernetesKubernetes1.2affected
KubernetesKubernetes1.1affected
KubernetesKubernetes1.18 < 1.18.6affected
KubernetesKubernetes1.17 < 1.17.9affected
KubernetesKubernetes1.16 < 1.16.13affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References