Kata Containers
Arbitrary file write in Kata Containers v3.4.0 to v3.28.0 allows untrusted hosts to overwrite binaries and exfiltrate data from guest workloads, including those in confidential VMs (CVMs). The vulnerability stems from inadequate validation in the CopyFile policy, permitting host-initiated writes to arbitrary paths inside guest images. This enables binary replacement for code execution or data theft across the trust boundary. Patched in v3.29.0. EPSS data not available; no active exploitation confirmed at time of analysis.
Incorrect permissions in Kata Containers allow container escape via file permission manipulation. PoC and patch available.
Sandbox escape in Kata Containers allows a guest VM to access host resources. CVSS 10.0 — undermines the core security guarantee of hardware-isolated containers. PoC and patch available.