Vulnerability Description
A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubevirt | Kubevirt | <= 0.29 |
| Redhat | Openshift Virtualization | 1 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1848951Issue TrackingPatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1848951Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2020-14316?
CVE-2020-14316 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges...
How severe is CVE-2020-14316?
CVE-2020-14316 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-14316?
Check the references section above for vendor advisories and patch information. Affected products include: Kubevirt Kubevirt, Redhat Openshift Virtualization.