
82 matches found

OSV
added 2026/05/27 10:50 p.m., 5 views

GHSA-2GV2-CFFP-J227 Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs

Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...

CVSS 9.3, AI score 6
Exploits: 0, References: 4
Github Security Blog
added 2026/05/26 11:57 p.m., 16 views

Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations

Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtio_fs_extra_args pod annotation. By injecting -o source=/ along with --no-announce-submounts a...

AI score 6
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/05/26 11:57 p.m., 7 views

GHSA-RR59-XXVX-96QR Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations

Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtio_fs_extra_args pod annotation. By injecting -o source=/ along with --no-announce-submounts a...

CVSS 6.5, AI score 6
Exploits: 0, References: 3
Positive Technologies
added 2026/05/26 12:0 a.m., 10 views

PT-2026-43453

Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtio_fs_extra_args pod annotation. By injecting -o source=/ along with --no-announce-submount...

CVSS 6.5, AI score 6
Exploits: 0, References: 4
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in qemu

A flaw was discovered in the implementation of the QEMU virtio-fs shared file system daemon virtiofsd. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in directories shared by virtio-fs, with unintended group ownership. This occurs in a scenario where a...

CVSS 7.8, AI score 7.1, EPSS 0.00036
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in qemu

A flaw was discovered in the virtio-fs shared file system daemon virtiofsd of QEMU. The new ‘xattrmap’ option may cause the ‘security.capability’ xattr in the guest to not be dropped when writing files, potentially allowing a modified, privileged executable to be executed within the guest. In rar...

CVSS 3.3, AI score 6.7, EPSS 0.00133
Exploits: 0, References: 2
OSV
added 2026/03/12 9:52 a.m., 2 views

SUSE-SU-2026:20723-1 Security update for virtiofsd

This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912)...

CVSS 6.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 3
OSV
added 2026/03/10 6:35 p.m., 1 views

SUSE-SU-2026:20661-1 Security update for virtiofsd

This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912)...

CVSS 6.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 3
OpenVAS
added 2026/03/09 12:0 a.m., 2 views

openSUSE Security Advisory (SUSE-SU-2026:0816-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 4
OPENSUSE Linux
added 2026/03/09 12:0 a.m., 3 views

virtiofsd-1.13.2-2.1 on GA media (moderate)

virtiofsd-1.13.2-2.1 on GA media Announcement ID: openSUSE-SU-2026:10308-1 Rating: moderate Cross-References: CVE-2026-25727 CVSS scores: CVE-2026-25727 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25727 SUSE : 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:...

CVSS 8.7, AI score 5.8, EPSS 0.00026
Exploits: 0
OpenVAS
added 2026/03/09 12:0 a.m., 2 views

SUSE: Security Advisory (SUSE-SU-2026:0816-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/08 12:0 a.m., 2 views

openSUSE 16 Security Update : virtiofsd (openSUSE-SU-2026:20326-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20326-1 advisory. This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stac...

CVSS 6.8, AI score 5.9, EPSS 0.00026
Exploits: 0, References: 3
OSV
added 2026/03/07 12:0 a.m., 0 views

OPENSUSE-SU-2026:10308-1 virtiofsd-1.13.2-2.1 on GA media

These are all security issues fixed in the virtiofsd-1.13.2-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/06 12:0 a.m., 3 views

SUSE SLED15 / SLES15 Security Update : virtiofsd (SUSE-SU-2026:0819-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0819-1 advisory. This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC...

CVSS 6.8, AI score 5.9, EPSS 0.00026
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/06 12:0 a.m., 0 views

SUSE SLES15 / openSUSE 15 Security Update : virtiofsd (SUSE-SU-2026:0816-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0816-1 advisory. This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 da...

CVSS 6.8, AI score 5.9, EPSS 0.00026
Exploits: 0, References: 4
OSV
added 2026/03/05 2:24 p.m., 0 views

SUSE-SU-2026:20684-1 Security update for virtiofsd

This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912)...

CVSS 6.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 3
OSV
added 2026/03/05 2:23 p.m., 2 views

OPENSUSE-SU-2026:20326-1 Security update for virtiofsd

This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912)...

CVSS 6.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 2
OSV
added 2026/03/05 10:49 a.m., 0 views

SUSE-SU-2026:0819-1 Security update for virtiofsd

This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912)...

CVSS 6.8, AI score 5.9, EPSS 0.00026
Exploits: 0, References: 3
SUSE Linux
added 2026/03/05 10:49 a.m., 4 views

Security update for virtiofsd

This update for virtiofsd fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...

CVSS 8.7, AI score 5.9, EPSS 0.00026
Exploits: 0, References: 4
SUSE Linux
added 2026/03/05 9:51 a.m., 4 views

Security update for virtiofsd

This update for virtiofsd fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...

CVSS 8.7, AI score 5.9, EPSS 0.00026
Exploits: 0, References: 4