evaluate CVE-2021-30465 for Kata Containers
Bug #1930431 reported by
Eric
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Kata Containers |
New
|
Undecided
|
Unassigned |
Bug Description
See https:/
Let's evaluate the impact and apply mitigations if relevant.
CVE References
To post a comment you must log in.
A few points w.r.t. CVE-2021-30465:
1. It needs k8s subpath to expolit the attack across containers in the same pod, but Kata doesn't support k8s subpath
2. The mount destination is created by kata-agent in the guest. So it won't affect the host in any case.
3. Without subpath being there to share volume subpath across containers, the guest is not affected either.