Description
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m
Scores
CVSS v4
6.9
EPSS
0.0031
EPSS Percentile
21.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (1)
kata-containers/kata-containers
< 3.21.0
Published
Sep 23, 2025
Tracked Since
Feb 18, 2026