Kata Containers
cpe:2.3:a:katacontainers:kata_containers:*:*:*:*:*:*:*
- >= 3.4.0, <= 3.28.0
A vulnerability in Kata Containers versions 3.4.0 through 3.28.0 allows an untrusted host to write to arbitrary locations inside the guest workload image. The CopyFile policy validates only the destination path, so a request whose destination lies in the shared directory is accepted; if the host has first planted a symlink in that shared directory, the CopyFile handler writes through the link, and the data lands wherever the link points in the guest image. This can be used to overwrite binaries inside the guest and to exfiltrate data from containers, including those running in Confidential Virtual Machines (CVMs). The issue is fixed in Kata Containers version 3.29.0.
Successful exploitation lets the host modify the guest workload image without authorization: binaries inside the guest can be overwritten and data exfiltrated from containers, including those running inside Confidential Virtual Machines, whose purpose is precisely to protect the workload from the host.
To reproduce this vulnerability, first create, from the host, a symlink in the shared directory that points to a target binary inside the guest workload image. Then issue a CopyFile request whose destination is that symlink: the policy accepts it because the destination path is within the shared directory, and the handler writes the supplied data through the link into the guest image. Restarting the container may be necessary before the modified binary is invoked.
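The pattern behind these steps, as an added example that is not Kata Containers code: a hypothetical copy handler whose policy checks only the destination path string (so a symlink planted in the shared directory redirects the write into the guest tree), beside a hardened variant that canonicalizes the parent, refuses a symlinked final component, and opens with O_NOFOLLOW so a link swapped in after the check is still rejected. The function names, the Outcome struct, and the constructed shared/ and guest/ directory layout under a temporary directory are assumptions for illustration; the real kata-agent CopyFile API is not reproduced here.

```rust
use std::fs;
use std::io::{self, Write};
use std::os::unix::fs::{symlink, OpenOptionsExt};
use std::path::Path;

// Linux value of O_NOFOLLOW; use libc::O_NOFOLLOW when the libc crate is available.
const O_NOFOLLOW: i32 = 0o400000;

fn denied(msg: &str) -> io::Error {
    io::Error::new(io::ErrorKind::PermissionDenied, msg.to_string())
}

/// Vulnerable pattern (hypothetical, not Kata's code): the policy inspects only the
/// destination path string, and fs::write follows symlinks, so a link planted in
/// shared_dir redirects the write outside it.
pub fn vulnerable_copy_file(shared_dir: &Path, dest: &Path, data: &[u8]) -> io::Result<()> {
    if !dest.starts_with(shared_dir) {
        return Err(denied("destination outside shared directory"));
    }
    fs::write(dest, data)
}

/// Hardened pattern: resolve the parent and confirm it is still inside shared_dir,
/// refuse a symlinked final component, and open with O_NOFOLLOW to close the
/// check-then-open race.
pub fn hardened_copy_file(shared_dir: &Path, dest: &Path, data: &[u8]) -> io::Result<()> {
    if !dest.starts_with(shared_dir) {
        return Err(denied("destination outside shared directory"));
    }
    let shared_real = fs::canonicalize(shared_dir)?;
    let parent = dest.parent().ok_or_else(|| denied("destination has no parent"))?;
    let parent_real = fs::canonicalize(parent)?;
    if !parent_real.starts_with(&shared_real) {
        return Err(denied("parent resolves outside shared directory"));
    }
    // symlink_metadata does not follow links, so an existing symlink is visible here.
    if let Ok(md) = fs::symlink_metadata(dest) {
        if md.file_type().is_symlink() {
            return Err(denied("destination is a symlink"));
        }
    }
    let mut f = fs::OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .custom_flags(O_NOFOLLOW)
        .open(dest)?;
    f.write_all(data)
}

#[derive(Debug)]
pub struct Outcome {
    pub vulnerable_overwrote_guest: bool,
    pub hardened_refused: bool,
    pub guest_intact_after_hardened: bool,
    pub hardened_allows_regular_file: bool,
}

/// Builds a constructed layout (shared/ next to guest/usr/bin/entrypoint) in a
/// temp dir, replays the two reproduction steps against both handlers, and
/// reports what happened to the guest binary.
pub fn run_scenario() -> io::Result<Outcome> {
    let root = std::env::temp_dir().join(format!("kata-copyfile-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    let shared = root.join("shared");
    let guest_bin = root.join("guest").join("usr").join("bin");
    fs::create_dir_all(&shared)?;
    fs::create_dir_all(&guest_bin)?;
    let target = guest_bin.join("entrypoint");
    let original: &[u8] = b"#!/bin/sh\necho legitimate\n";
    fs::write(&target, original)?;

    // Step 1: the host plants a symlink in the shared directory pointing at a guest binary.
    let link = shared.join("payload");
    symlink(&target, &link)?;
    let payload: &[u8] = b"#!/bin/sh\necho backdoor\n";

    // Step 2: a CopyFile whose destination is the symlink; the naive policy accepts it.
    vulnerable_copy_file(&shared, &link, payload)?;
    let vulnerable_overwrote_guest = fs::read(&target)?.as_slice() == payload;

    // Reset the guest binary and replay step 2 against the hardened handler.
    fs::write(&target, original)?;
    let hardened_refused = hardened_copy_file(&shared, &link, payload).is_err();
    let guest_intact_after_hardened = fs::read(&target)?.as_slice() == original;

    // A legitimate destination inside the shared directory still works.
    let hardened_allows_regular_file =
        hardened_copy_file(&shared, &shared.join("config.json"), b"{}").is_ok();

    fs::remove_dir_all(&root)?;
    Ok(Outcome { vulnerable_overwrote_guest, hardened_refused, guest_intact_after_hardened, hardened_allows_regular_file })
}

fn main() -> io::Result<()> {
    println!("{:?}", run_scenario()?);
    Ok(())
}
```

The path-prefix check alone is what the advisory describes as insufficient: it reasons about the string the caller supplied, not about where the kernel will actually write. Checking the resolved parent and refusing to follow the final component are both needed, and O_NOFOLLOW at open time covers a link created between the check and the write.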
Users can upgrade to Kata Containers version 3.29.0, where this vulnerability has been fixed.