@fungi - great suggestion. Indeed, I think there are a few steps we need to take now:
1) Get one more pair of eyes to verify Julios findings
2) Post a kata status to the CVE record on MITRE
3) Email Aleksa (original reporter and runc author - I've met him before etc.) to let him know our findings.
4) Make this bug public
4) email kata-dev with an update
@Xu - could you cast your eyes over this CVE (or if you have somebody more suitable, nominate them?) to get a second confirmation of our findings please? thx.
@fungi - great suggestion. Indeed, I think there are a few steps we need to take now:
1) Get one more pair of eyes to verify Julios findings
2) Post a kata status to the CVE record on MITRE
3) Email Aleksa (original reporter and runc author - I've met him before etc.) to let him know our findings.
4) Make this bug public
4) email kata-dev with an update
@Xu - could you cast your eyes over this CVE (or if you have somebody more suitable, nominate them?) to get a second confirmation of our findings please? thx.