2 matches found
CVE-2025-64437
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
GHSA-2R4R-5X78-MVQF KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
Summary Short summary of the problem. Make the impact and severity as clear as possible. It is possible to trick the virt-handler component into changing the ownership of arbitrary files on the host node to the unprivileged user with UID 107 due to mishandling of symlinks when determining the roo...