Incus Image Cache Poisoning Vulnerability Allowing Execution of Attacker-Controlled Images
Vulnerability
A vulnerability in Incus, a system container and virtual machine manager, prior to version 6.23.0, allows for image cache poisoning. This issue arises from inadequate validation of image fingerprints when downloading from simplestreams image servers. Under very specific circumstances, this vulnerability could lead to other tenants running images controlled by an attacker instead of the intended ones. The flaw exists because Incus verifies the SHA256 of individual files but fails to ensure that the concatenated hash matches the fingerprint in the simplestreams index. An attacker with access to an Incus server, and without proper image source restrictions, could exploit this to poison the global image cache, potentially affecting other users.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of compromised images in place of legitimate ones, causing a user to unknowingly run an attacker-controlled image.
Reproduction
To reproduce this vulnerability, download the simplestreams index and a corresponding image from the official image server. Then, modify the image by injecting a payload, such as a line in the bashrc file, and update the image metadata to reflect the changes. After uploading the altered image to an attacker-controlled server, it can be downloaded by an Incus environment that lacks proper image source restrictions, such as 'restricted.image.servers' or equivalent firewall rules. Once the compromised image is cached, it can be deployed as an instance, executing the injected payload.
Remediation
Users can update to Incus version 6.23.0 or later, which addresses this vulnerability by adding the necessary validation of concatenated image fingerprints. For those in multi-tenant environments, it is also recommended to configure 'restricted.image.servers' or equivalent network restrictions through firewall rules or an HTTP proxy.
