Kata Containers Initdata Verification Bypass Vulnerability on TDX Systems

Vulnerability

A vulnerability in Kata Containers versions through 3.20.0 allows a malicious host to bypass initdata verification on TDX systems with confidential guests. By selectively failing I/O operations, the host can cause the Kata agent to skip crucial verification steps. As a result, an attacker can launch an arbitrary workload while successfully attesting to Trustee as if it were any benign workload. The issue arises because the Kata agent can be manipulated into overlooking verification, creating a risk of unauthorized workload execution under false pretenses.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of workloads in a confidential guest environment, together with the ability to manipulate attestation statements, potentially undermining the integrity of the workload verification process.

Reproduction

The vulnerability can be reproduced on a TDX system running Kata Containers versions through 3.20.0. A malicious host tampers with the guest's I/O operations to induce errors that cause the Kata agent to skip initdata verification. Once verification is skipped, the agent accepts and executes workloads without proper oversight, allowing arbitrary tasks to run under the guise of a trusted process.
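As an added illustration of the fail-open pattern described above (a simplified model written for this page, not Kata's code), the snippet contrasts an agent that treats a host-induced read error as "no initdata" with one that fails closed. It assumes, as a stand-in, that a trusted hardware measurement records the digest of the initdata the guest was launched with; the FNV digest is a placeholder for a cryptographic hash.

```rust
// Added example: a simplified model of initdata handling, not Kata's code.
// Assumption: a trusted hardware measurement records the digest of the
// initdata the guest was launched with, or None when none was configured.
use std::io;

#[derive(Debug, PartialEq)]
pub enum Decision { Verified, NoInitdata, Rejected }

/// Stand-in digest (FNV-1a 64-bit); a real agent uses a cryptographic hash.
pub fn digest(data: &[u8]) -> u64 {
    data.iter()
        .fold(0xcbf29ce484222325u64, |h, b| (h ^ u64::from(*b)).wrapping_mul(0x100000001b3))
}

/// Vulnerable pattern: a failed read of the host-provided device is treated
/// like "no initdata configured", so verification is skipped and the agent
/// proceeds even though the measurement says initdata was expected.
pub fn verify_fail_open(read: &dyn Fn() -> io::Result<Vec<u8>>, measured: Option<u64>) -> Decision {
    match read() {
        Ok(data) if Some(digest(&data)) == measured => Decision::Verified,
        Ok(_) => Decision::Rejected,
        Err(_) => Decision::NoInitdata, // host controls whether this branch is taken
    }
}

/// Fail-closed pattern: the trusted measurement, not the host-controlled I/O
/// path, decides whether initdata must be verified; any read error is fatal.
pub fn verify_fail_closed(read: &dyn Fn() -> io::Result<Vec<u8>>, measured: Option<u64>) -> Decision {
    let expected = match measured {
        Some(d) => d,
        None => return Decision::NoInitdata,
    };
    match read() {
        Ok(data) if digest(&data) == expected => Decision::Verified,
        _ => Decision::Rejected, // wrong digest or any I/O error
    }
}

fn main() {
    let initdata = b"policy: restrictive".to_vec(); // constructed sample
    let measured = Some(digest(&initdata));
    let failing_read = || -> io::Result<Vec<u8>> {
        Err(io::Error::new(io::ErrorKind::Other, "host-induced read failure"))
    };
    println!("fail-open:   {:?}", verify_fail_open(&failing_read, measured));
    println!("fail-closed: {:?}", verify_fail_closed(&failing_read, measured));
}
```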

Remediation

Users can upgrade to Kata Containers version 3.21.0 or later, where this vulnerability has been patched.

Added: Sep 23, 2025, 9:18 PM
Updated: Sep 23, 2025, 9:18 PM

Vulnerability Rating

Custom Algorithm
spread          4.2
impact          7.5
exploitability  2.5
remediation     7.7
relevance       0.6
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.