announcement-date: 2020-05-28
id: KCSA-CVE-2020-2025
title: Kata Containers with Cloud Hypervisor guest image persists vulnerability
description: Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.
affected-components:
- components:
  - kata-runtime
  version: Before v1.11.0
vulnerabilities:
- CVE-ID: CVE-2020-2025
reporters:
- name: Yuval Avrahami
  affiliation: Palo Alto Networks
  reported:
  - CVE-2020-2025
issues:
- links:
  - kata-containers/runtime#2488
reviews:
  v1.11.0:
  - kata-containers/runtime#2487
  type: GitHub
reproduce:
- Create a Kata Container using Cloud Hypervisor
- Create a new file on the guest rootfs
- View the guest rootfs image on the host and the file can be seen there
notes:
- |
  A malicious container that finds some other way to gain control of its guest VM can use this vulnerability to attack other guests. All users running Kata Containers on top of Cloud Hypervisor are recommended to upgrade.

  When running Kata Containers with Cloud Hypervisor, any change made to the root filesystem device is written to the underlying .img file. Since the device is plugged into the guest as read-write, a malicious guest can write to it and the changes propagate to the image file on the host. Compromising the guest image file allows an attacker to control every subsequent guest that boots from that image. Because, by default, the same guest image file is used by all VMMs (QEMU, Firecracker and Cloud Hypervisor), the next guest to start, on any VMM, is already malicious, which immediately compromises all subsequent container runs. It also exposes the host to attacks that require the guest to be malicious from the moment it boots.
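Added example, not part of this advisory or of the Kata Containers project: a POSIX shell harness for the reproduce steps above. It records a SHA-256 of the host-side image, runs a caller-supplied command that writes a marker string on the guest root filesystem, and then checks whether the host image changed and now contains the marker. The image path, the marker string and the guest-write command are assumptions; how you write to the guest's own rootfs (rather than to the container's host-shared rootfs) depends on the deployment, for example a guest debug console.

```shell
#!/bin/sh
# Added example (not Kata project code): does a write on the guest root
# filesystem persist into the host-side image file? Assumptions: the image
# path and marker below, and that the caller supplies the command that
# performs the guest-side write.

IMAGE="${IMAGE:-/usr/share/kata-containers/kata-containers.img}"  # assumed path
MARKER="${MARKER:-KCSA-CVE-2020-2025-probe}"                        # assumed marker

# SHA-256 of a file; any guest write that reaches the image changes it.
image_hash() {
    { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; } | awk '{print $1}'
}

# Return 0 if the marker occurs anywhere in the raw image (-a: treat binary as text).
image_has_marker() {
    grep -aq -- "$2" "$1"
}

# check_persistence IMAGE MARKER GUEST_WRITE_CMD
#   exit 0: vulnerable, the image hash changed and the marker is in the image
#   exit 1: not persisted, the image is unchanged or the marker is absent
#   exit 2: the guest-write command itself failed
check_persistence() {
    img=$1; marker=$2; cmd=$3
    before=$(image_hash "$img")
    sh -c "$cmd" || return 2
    sync
    after=$(image_hash "$img")
    if [ "$before" != "$after" ] && image_has_marker "$img" "$marker"; then
        echo "VULNERABLE: guest write persisted to $img (hash $before -> $after)"
        return 0
    fi
    echo "not persisted: $img unchanged"
    return 1
}

# Usage (assumed invocation):
#   IMAGE=/path/to/kata-containers.img sh check.sh --run '<command writing $MARKER on the guest rootfs>'
# The command must target the guest's own root filesystem, not the
# container's host-shared rootfs.
if [ "${1:-}" = "--run" ]; then
    check_persistence "$IMAGE" "$MARKER" "$2"
fi
```

Run it once before and once after upgrading to v1.11.0: a fixed deployment leaves the image hash unchanged and exits 1, and the same check applies unchanged to QEMU and Firecracker deployments that share the image.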