malicious container creates symlink "mtab" on the host External
Package
Affected versions
>= 1.28.6, < 1.28.7
>= 1.29.4, < 1.29.5
>= 1.30.0, < 1.30.1
Patched versions
1.28.7
1.29.5
1.30.1
Description
Published to the GitHub Advisory Database
Jun 4, 2024
Reviewed
Jun 4, 2024
Published by the National Vulnerability Database
Jun 12, 2024
Last updated
Dec 11, 2024
Impact
A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host.
A workload built from this Dockerfile:
and this container config:
and this sandbox config
will create a file on host
/host/mtab
Patches
1.30.1, 1.29.5, 1.28.7
Workarounds
Unfortunately not
References
Are there any links users can visit to find out more?
References