CNNVD-202601-4870 Information
CNNVD ID
CNNVD-202601-4870
Related CVE
- CNNVD Published: 2026-01-29
Description (Chinese)
Kata Containers是Kata Containers社区的一款开源的轻量级虚拟机构建程序。 Kata Containers 3.26.0之前版本存在代码问题漏洞,该漏洞源于处理畸形容器镜像时回退绑定空目录,可能导致主机文件系统错误和块设备被挂载为只读。
Description (English)
Kata Containers is an open-source, lightweight virtual institution for the Kata Containers community. There was a code problem loophole in the previous version of Kata Containers 3.26.0, which resulted from the back-coaching of empty directories while processing the aberrant mirrors, which could lead to errors in the host file system and the mount of block devices as read-only.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
Kata Containers
Published
2026-01-29
Last Modified
2026-02-24
References
https://github.com/containerd/containerd/blob/d939b6af5f8536c2cae85e919e7c40070557df0e/plugins/snapshots/overlay/overlay.go#L564-L581 https://github.com/kata-containers/kata-containers/blob/a164693e1afead84cd01d5bc3575e2cbfe64ce35/src/runtime/virtcontainers/container.go#L1122-L1126 https://github.com/kata-containers/kata-containers/blob/c7d0c270ee7dfaa6d978e6e07b99dabdaf2b9fda/src/runtime/virtcontainers/container.go#L1616-L1623 https://github.com/kata-containers/kata-containers/commit/20ca4d2d79aa5bf63aa1254f08915da84f19e92a https://github.com/kata-containers/kata-containers/security/advisories/GHSA-5fc8-gg7w-3g5c https://access.redhat.com/security/cve/cve-2026-24054
Patch
https://github.com/kata-containers/kata-containers/releases
Share on: