1. Home
  2. Vulnerabilities
  3. CVE-2020-2025

CVE-2020-2025

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 4.6 (Medium)
46% Progress
EPSS 0.04 % (13th)
0.04% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.

Weaknesses
CWE-281
Improper Preservation of Permissions
CWE-284
Improper Access Control
CVE Status
PUBLISHED
CNA
Palo Alto Networks, Inc.
Published Date
2020-05-19 21:15:10
(4 years ago)
Updated Date
2020-05-21 17:02:45
(4 years ago)

Affected Products

Katacontainers

Configuration #1

    CPE23 From Up To
  Katacontainers Runtime prior 1.11.0 version cpe:2.3:a:katacontainers:runtime < 1.11.0