CVE-2020-2024
MEDIUMKata Containers runtime < 1.11.0 - Denial of Service via Improper Link Resolution
Title source: llmDescription
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/kata-containers/runtime/issues/2474
Patch, Third Party Advisory x_refsource_misc
https://github.com/kata-containers/runtime/pull/2475
Scores
CVSS v3
6.5
EPSS
0.0037
EPSS Percentile
28.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-59
Status
published
Products (1)
katacontainers/runtime
< 1.11.0
Published
May 19, 2020
Tracked Since
Feb 18, 2026