11 matches found
Improper Link Resolution
kubevirt.io/kubevirt is vulnerable to improper link resolution. The vulnerability is due to lack of verification of whether the launcher-sock is a symlink or regular file, which allows an attacker with control over the virt-launcher pod file system to manipulate file ownership on the host and...
SUSE CVE-2025-64437
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
CVE-2025-64437
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
AZL-69805 CVE-2025-64437 affecting package kubevirt for versions less than 1.5.3-2
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
AZL-69970 CVE-2025-64437 affecting package kubevirt for versions less than 0.59.0-33
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
CVE-2025-64437
KubeVirt (virt-handler) vulnerability CVE-2025-64437 affects versions before 1.5.3 and 1.6.1. The issue is that virt-handler does not verify whether the launcher-sock is a symlink or a regular file, allowing an attacker who controls the virt-launcher pod’s filesystem to change ownership of arbitr...
CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
Kubevirt 后置链接漏洞
Kubevirt is an open source virtual machine manager for KubeVirt. A back-linking vulnerability exists in KubeVirt versions prior to 1.5.3 and prior to 1.6.1, which stems from virt-handler not verifying that the launcher-sock is a symbolic link or a regular file, which could result in the ownership...
PT-2025-45440
Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.3 KubeVirt versions prior to 1.6.1 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw where the virt-handler does not validate if the launcher-sock is a symbolic link or a...