kubevirt
cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:kubernetes:*:*
A denial-of-service vulnerability has been identified in KubeVirt. When the guest agent is active, a user within a virtual machine can exploit this flaw by causing the agent to report an excessive number of network interfaces. This overloads the system's capacity to manage VM configuration updates, effectively blocking changes to the Virtual Machine Instance (VMI). As a result, the VM user can hinder the VM administrator's ability to manage the VM, disrupting administrative operations.
Exploitation of this vulnerability leads to a denial-of-service condition for VM administration by blocking VMI configuration updates, thereby restricting the administrator's management capabilities.
To reproduce this vulnerability, activate the guest agent within a virtual machine. Once the agent is active, manipulate it to report an excessive number of network interfaces. This can be done by creating multiple virtual network interfaces or by using a method that causes the agent to misreport the number of interfaces. The overload will prevent the system from processing VM configuration updates, causing a denial-of-service condition for administrative operations.
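A detection check for the condition described above, as an added example that is not part of the original advisory or the KubeVirt project's code. It reads the output of `kubectl get vmi -A -o json` and flags VMIs whose guest agent reports far more interfaces than the VMI spec declares. The threshold, the reliance on the `status.interfaces[].infoSource` field, and the sample data are assumptions of this example.

```python
import json

# Assumed threshold: no guest is expected to report this many interfaces
# beyond those declared in the VMI spec. Tune per environment.
MAX_GUEST_ONLY_IFACES = 32

def flag_vmis(vmi_list_json, limit=MAX_GUEST_ONLY_IFACES):
    """Return findings for VMIs whose guest agent reports too many interfaces.

    Input is the JSON text produced by `kubectl get vmi -A -o json`.
    """
    findings = []
    for vmi in json.loads(vmi_list_json).get("items", []):
        meta = vmi.get("metadata", {})
        spec_ifaces = (vmi.get("spec", {}).get("domain", {})
                          .get("devices", {}).get("interfaces") or [])
        spec_names = {i.get("name") for i in spec_ifaces}
        reported = vmi.get("status", {}).get("interfaces") or []
        # Interfaces known only from the guest agent, not declared in the spec.
        guest_only = [i for i in reported
                      if "guest-agent" in (i.get("infoSource") or "")
                      and i.get("name") not in spec_names]
        if len(guest_only) > limit:
            findings.append({
                "namespace": meta.get("namespace"),
                "name": meta.get("name"),
                "declared": len(spec_ifaces),
                "reported": len(reported),
                "guest_only": len(guest_only),
                # Size of the status block that every VMI update must carry.
                "status_bytes": len(json.dumps(vmi.get("status", {}))),
            })
    return sorted(findings, key=lambda f: f["guest_only"], reverse=True)

def _sample():
    """Constructed sample: one normal VMI and one reporting 500 extra interfaces."""
    def vmi(name, extra):
        status = [{"name": "default", "interfaceName": "eth0",
                   "infoSource": "domain, guest-agent"}]
        status += [{"interfaceName": f"dummy{n}", "infoSource": "guest-agent"}
                   for n in range(extra)]
        return {"metadata": {"namespace": "tenant-a", "name": name},
                "spec": {"domain": {"devices": {"interfaces": [{"name": "default"}]}}},
                "status": {"interfaces": status}}
    return json.dumps({"items": [vmi("web-1", 2), vmi("batch-7", 500)]})

if __name__ == "__main__":
    for finding in flag_vmis(_sample()):
        print(finding)
```

Run periodically, a sudden jump in `guest_only` or `status_bytes` for a single VMI is a signal to investigate that guest before administrative updates to it start failing.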