#VU34052 Resource exhaustion in Kubernetes - CVE-2020-8557
Published: July 23, 2020 / Updated: August 5, 2020
Vulnerability identifier: #VU34052
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8557
CWE-ID: CWE-400
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Kubernetes
Kubernetes
Software vendor:
Kubernetes
Kubernetes
Description
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
Remediation
Install update from vendor's website.