evaluate CVE-2021-30465 for Kata Containers

Bug #1930431 reported by Eric
This bug affects 1 person
Affects: Kata Containers
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

See https://access.redhat.com/security/cve/cve-2021-30465

Let's evaluate the impact and apply mitigations if relevant.

CVE References

Peng Tao (bergwolf) wrote:

A few points w.r.t. CVE-2021-30465:
1. It needs k8s subpath to exploit the attack across containers in the same pod, but Kata doesn't support k8s subpath.
2. The mount destination is created by kata-agent in the guest. So it won't affect the host in any case.
3. Without subpath being there to share volume subpath across containers, the guest is not affected either.
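
An added example, not part of the comment above or of the Kata Containers project: because point 1 ties the cross-container case to Kubernetes subPath, this script inventories pods that use subPath volume mounts, from input shaped like `kubectl get pods -A -o json`, and records each pod's runtimeClassName. The sample pods and the runtime class name `kata` are constructed assumptions; substitute the class names your cluster defines.

```python
# Constructed sample shaped like `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "web", "name": "app"},
     "spec": {"containers": [
         {"name": "a", "volumeMounts": [{"name": "data", "mountPath": "/d", "subPath": "a"}]},
         {"name": "b", "volumeMounts": [{"name": "data", "mountPath": "/d", "subPath": "b"}]}]}},
    {"metadata": {"namespace": "batch", "name": "job"},
     "spec": {"runtimeClassName": "kata", "containers": [
         {"name": "w", "volumeMounts": [{"name": "scratch", "mountPath": "/s", "subPath": "w"}]}]}},
    {"metadata": {"namespace": "web", "name": "static"},
     "spec": {"containers": [
         {"name": "n", "volumeMounts": [{"name": "html", "mountPath": "/h"}]}]}},
]}


def subpath_mounts(pod):
    """Return (container, volume, subPath) for every subPath/subPathExpr mount in a pod."""
    found = []
    for kind in ("initContainers", "containers"):
        for container in pod["spec"].get(kind) or []:
            for mount in container.get("volumeMounts") or []:
                sub = mount.get("subPath") or mount.get("subPathExpr")
                if sub:
                    found.append((container["name"], mount["name"], sub))
    return found


def audit(pod_list, kata_classes=("kata",)):
    """List pods with subPath mounts, their runtime class, and volumes shared via subPath."""
    report = []
    for pod in pod_list.get("items", []):
        mounts = subpath_mounts(pod)
        if not mounts:
            continue
        users = {}  # volume name -> containers mounting it with a subPath
        for container, volume, _ in mounts:
            users.setdefault(volume, set()).add(container)
        runtime = pod["spec"].get("runtimeClassName")  # None means the cluster default runtime
        report.append({
            "pod": f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}',
            "runtime_class": runtime,
            "kata": runtime in kata_classes,
            "shared_subpath_volumes": sorted(v for v, c in users.items() if len(c) > 1),
            "mounts": mounts,
        })
    return report


if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```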
