Openshift Virtualization
Monthly
Server-side request forgery in KubeVirt's virt-api port-forward handler allows authenticated Kubernetes users with kubevirt.io:edit permissions to establish arbitrary bidirectional TCP tunnels from virt-api's trusted cluster-internal network position to any routable destination, bypassing NetworkPolicy isolation. The vulnerability arises because virt-api reads the target IP from vmi.Status.Interfaces[0].IP - a value supplied by the QEMU guest agent inside the VM and thus fully controllable by the VM owner when non-masquerade network bindings (bridge or secondary-only) are in use - and passes it directly to net.Dial() without validation. No public exploit or active exploitation has been identified at time of analysis; EPSS data was not available in the provided intelligence.
Symlink-following in KubeVirt's virt-handler permits a container-level attacker to overwrite arbitrary host files and change their ownership. An attacker with access to the virt-launcher container can plant a symlink at the network cache file path expected by the `WriteToCachedFile` function; virt-handler then follows that symlink when calling `os.WriteFile` and `os.Chown`, enabling writes of attacker-influenced JSON content to any path accessible by virt-handler on the host. This represents a partial container-to-host escape - a scope change from the container context to the underlying node - with no public exploit identified at time of analysis.
KubeVirt's virt-handler domain notify server allows a compromised virt-launcher process to forge lifecycle events for any other VMI scheduled on the same Kubernetes node, causing virt-handler to corrupt that VMI's state and disrupt its lifecycle management. The root cause is that gRPC handlers for HandleDomainEvent and HandleK8SEvent accept VMI namespace/name exclusively from the request body, never cross-checking against the per-VMI pipe socket the connection arrived on. With CVSS 6.5 (AV:L/S:C), the attack requires local access via a compromised container but can impact multiple VMIs across tenants on the same node; no public exploit code or CISA KEV listing has been identified at time of analysis.
Local privilege boundary bypass in KubeVirt's safepath package lets an attacker who controls a virt-launcher pod trick the privileged virt-handler into applying file ownership or permission changes to unintended host paths. The OpenAtNoFollow safeguard is defeated because downstream helpers re-open the descriptor through /proc/self/fd/N with link-following syscalls, so a symlink at the path leaf is dereferenced. There is no public exploit identified at time of analysis, EPSS is very low (0.12%), and CISA SSVC marks exploitation as none.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.
A flaw was found in kubevirt 0.29 and earlier. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.
Server-side request forgery in KubeVirt's virt-api port-forward handler allows authenticated Kubernetes users with kubevirt.io:edit permissions to establish arbitrary bidirectional TCP tunnels from virt-api's trusted cluster-internal network position to any routable destination, bypassing NetworkPolicy isolation. The vulnerability arises because virt-api reads the target IP from vmi.Status.Interfaces[0].IP - a value supplied by the QEMU guest agent inside the VM and thus fully controllable by the VM owner when non-masquerade network bindings (bridge or secondary-only) are in use - and passes it directly to net.Dial() without validation. No public exploit or active exploitation has been identified at time of analysis; EPSS data was not available in the provided intelligence.
Symlink-following in KubeVirt's virt-handler permits a container-level attacker to overwrite arbitrary host files and change their ownership. An attacker with access to the virt-launcher container can plant a symlink at the network cache file path expected by the `WriteToCachedFile` function; virt-handler then follows that symlink when calling `os.WriteFile` and `os.Chown`, enabling writes of attacker-influenced JSON content to any path accessible by virt-handler on the host. This represents a partial container-to-host escape - a scope change from the container context to the underlying node - with no public exploit identified at time of analysis.
KubeVirt's virt-handler domain notify server allows a compromised virt-launcher process to forge lifecycle events for any other VMI scheduled on the same Kubernetes node, causing virt-handler to corrupt that VMI's state and disrupt its lifecycle management. The root cause is that gRPC handlers for HandleDomainEvent and HandleK8SEvent accept VMI namespace/name exclusively from the request body, never cross-checking against the per-VMI pipe socket the connection arrived on. With CVSS 6.5 (AV:L/S:C), the attack requires local access via a compromised container but can impact multiple VMIs across tenants on the same node; no public exploit code or CISA KEV listing has been identified at time of analysis.
Local privilege boundary bypass in KubeVirt's safepath package lets an attacker who controls a virt-launcher pod trick the privileged virt-handler into applying file ownership or permission changes to unintended host paths. The OpenAtNoFollow safeguard is defeated because downstream helpers re-open the descriptor through /proc/self/fd/N with link-following syscalls, so a symlink at the path leaf is dereferenced. There is no public exploit identified at time of analysis, EPSS is very low (0.12%), and CISA SSVC marks exploitation as none.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.
A flaw was found in kubevirt 0.29 and earlier. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.