CVE-2020-14316
published 2020-07-29

Priority: P261, critical, 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.58% (72.4th percentile)

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kubevirt.io | kubevirt | >= 0 < 0.30.0 | 0.30.0 |
| kubevirt | kubevirt | <= 0.29 | |
| kubevirt | kubevirt | | |
| redhat | openshift_virtualization | | |

Detection & IOCs (extracted from sources)

  • Monitor VMI (Virtual Machine Instance) definitions in kubevirt 0.29 and earlier for configurations that mount or reference host filesystem paths, which could indicate exploitation of this flaw.
  • Inspect the virt-launcher container process for unexpected privilege escalation or access to host files beyond the expected VM scope, particularly in OpenShift Virtualization 1.4 and 2.3.
  • Review the upstream patch at https://github.com/kubevirt/kubevirt/pull/3686 to understand the code-level change and derive specific file/path access patterns to monitor for in VMI specs or runtime behavior.
  • Affected versions are kubevirt 0.29 and earlier; upgrade to the fixed version shipped in RHSA-2020:3194 (CNV 2.4) to remediate.
  • Running VMIs as non-root and enforcing SELinux/sVirt reduces the blast radius but does not fully eliminate the risk of host filesystem access.
  • The virt-launcher container in OpenShift Virtualization 1.x is listed as 'Will not fix', meaning deployments on that branch remain permanently exposed and require compensating controls.

CVSS provenance

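| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | | 9.9 | CRITICAL | |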