Multiple vulnerabilities in Runtime
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-2023 CVE-2020-2026 |
| CWE-ID | CWE-269 CWE-59 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Runtime Server applications / Virtualization software |
| Vendor | Kata Containers |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Privilege Management
EUVDB-ID: #VU34359
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/U:Clear]
CVE-ID: CVE-2020-2023
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: Yes
DescriptionThe vulnerability allows a local authenticated user to read and manipulate data.
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.
MitigationInstall update from vendor's website.
Vulnerable software versionsRuntime: 1.11.0
CPE2.3 External linkshttps://github.com/kata-containers/agent/issues/791
https://github.com/kata-containers/agent/pull/792
https://github.com/kata-containers/runtime/issues/2488
https://github.com/kata-containers/runtime/pull/2477
https://github.com/kata-containers/runtime/pull/2487
https://github.com/kata-containers/runtime/releases/tag/1.10.5
https://github.com/kata-containers/runtime/releases/tag/1.11.1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Link following
EUVDB-ID: #VU34360
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2020-2026
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.
MitigationInstall update from vendor's website.
Vulnerable software versionsRuntime: 1.11.0
CPE2.3 External linkshttps://github.com/kata-containers/runtime/issues/2712
https://github.com/kata-containers/runtime/pull/2713
https://github.com/kata-containers/runtime/releases/tag/1.10.5
https://github.com/kata-containers/runtime/releases/tag/1.11.1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
