Kata Containers

Bug #1878234
Comment #67

Comment 67 for bug 1878234

Revision history for this message

Karen Noel (knoel-9) wrote on 2020-10-15: Re: [Bug 1878234] Re: Some kata-runtime annotations can execute arbitrary code

#67

Cool. We don't ship Kata yet, but we have a component in Bugzilla. Will the
Red Hat ProdSec team create a BZ to make sure it gets fixed downstream?

Karen

On Thu, Oct 15, 2020, 6:05 AM Christophe de Dinechin <
<email address hidden>> wrote:

> Known as CVE-2020-27151.
>
> ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27151
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1878234
>
> Title:
> Some kata-runtime annotations can execute arbitrary code
>
> Status in Kata Containers:
> New
>
> Bug description:
> ================================
> This issue is being treated as a potential security risk under embargo.
> Please do not make any public mention of embargoed (private) security
> vulnerabilities before their coordinated publication by the Kata
> Containers Vulnerability Management Team in the form of an official
> Kata Containers Security Advisory. This includes discussion of the bug
> or associated fixes in public forums such as mailing lists, code review
> systems and bug trackers. Please also avoid private disclosure to other
> individuals not already approved for access to this information, and
> provide this same reminder to those who are made aware of the issue
> prior to publication. All discussion should remain confined to this
> private bug report, and any proposed fixes should be added to the bug
> as attachments.
> ================================
>
> A few of the kata-runtime annotations can be used to execute arbitrary
> pre-existing binaries on the host.
>
> For example, "virtio_fs_daemon" in combination with
> "virtio_fs_extra_args" makes it possible to invoke a host binary with
> arbitrary args.
>
> The hypervisor.path and hypervisor.jailer_path annotations could also
> be used the same way.
>
> Suggestion for fix: add valid annotation values to the configuration
> file that lists the acceptable values for such annotations, with a
> suitable default value of "empty".
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/katacontainers.io/+bug/1878234/+subscriptions
>
>

Cool. We don't ship Kata yet, but we have a component in Bugzilla. Will the
Red Hat ProdSec team create a BZ to make sure it gets fixed downstream?

Karen

On Thu, Oct 15, 2020, 6:05 AM Christophe de Dinechin <
1878234@bugs.launchpad.net> wrote:

> Known as CVE-2020-27151.
>
> ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27151
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1878234
>
> Title:
>   Some kata-runtime annotations can execute arbitrary code
>
> Status in Kata Containers:
>   New
>
> Bug description:
>   ================================
>   This issue is being treated as a potential security risk under embargo.
>   Please do not make any public mention of embargoed (private) security
>   vulnerabilities before their coordinated publication by the Kata
>   Containers Vulnerability Management Team in the form of an official
>   Kata Containers Security Advisory. This includes discussion of the bug
>   or associated fixes in public forums such as mailing lists, code review
>   systems and bug trackers. Please also avoid private disclosure to other
>   individuals not already approved for access to this information, and
>   provide this same reminder to those who are made aware of the issue
>   prior to publication. All discussion should remain confined to this
>   private bug report, and any proposed fixes should be added to the bug
>   as attachments.
>   ================================
>
>   A few of the kata-runtime annotations can be used to execute arbitrary
>   pre-existing binaries on the host.
>
>   For example, "virtio_fs_daemon" in combination with
>   "virtio_fs_extra_args" makes it possible to invoke a host binary with
>   arbitrary args.
>
>   The hypervisor.path and hypervisor.jailer_path annotations could also
>   be used the same way.
>
>   Suggestion for fix: add valid annotation values to the configuration
>   file that lists the acceptable values for such annotations, with a
>   suitable default value of "empty".
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/katacontainers.io/+bug/1878234/+subscriptions
>
>