A few points w.r.t. CVE-2021-30465:
1. It needs k8s subpath to expolit the attack across containers in the same pod, but Kata doesn't support k8s subpath
2. The mount destination is created by kata-agent in the guest. So it won't affect the host in any case.
3. Without subpath being there to share volume subpath across containers, the guest is not affected either.
A few points w.r.t. CVE-2021-30465:
1. It needs k8s subpath to expolit the attack across containers in the same pod, but Kata doesn't support k8s subpath
2. The mount destination is created by kata-agent in the guest. So it won't affect the host in any case.
3. Without subpath being there to share volume subpath across containers, the guest is not affected either.