
100 matches found

OSV
added 2025/11/07 6:46 p.m., 6 views

GHSA-46XP-26XH-HPQH KubeVirt Vulnerable to Arbitrary Host File Read and Write

Summary The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, the implementation of this feature and more specifically the DiskOrCreate option which creates a file if it doesn't exist, has a logic bug that allows an attacker t...

CVSS 8.5, AI score 6.9, EPSS 0.00007
Exploits: 1, References: 6
CNNVD
added 2025/11/07 12:0 a.m., 1 views

Kubevirt Security Vulnerability

Kubevirt is an open source virtual machine manager from KubeVirt. A security vulnerability exists in Kubevirt 1.5.0 and earlier versions, which stems from excessive virt-handler service account privileges, which could result in forced migration of VM instances to an attacker-controlled node ...

CVSS 6.9, AI score 5.4, EPSS 0.00104
Exploits: 1, References: 2
CNNVD
added 2025/11/07 12:0 a.m., 2 views

Kubevirt Link Following Vulnerability

Kubevirt is an open source virtual machine manager from KubeVirt. A link following vulnerability exists in KubeVirt versions prior to 1.5.3 and prior to 1.6.1, which stems from virt-handler not verifying whether the launcher-sock is a symbolic link or a regular file, which could result in the ownership...

CVSS 5, AI score 5.5, EPSS 0.00032
Exploits: 1, References: 6
Github Security Blog
added 2025/11/06 11:36 p.m., 6 views

KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

Summary It is possible to trick the virt-handler component into changing the ownership of arbitrary files on the host node to the unprivileged user with UID 107 due to mishandling of symlinks when determining the roo...

CVSS 5, AI score 7.4, EPSS 0.00032
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2025/11/06 11:36 p.m., 3 views

GHSA-2R4R-5X78-MVQF KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

Summary It is possible to trick the virt-handler component into changing the ownership of arbitrary files on the host node to the unprivileged user with UID 107 due to mishandling of symlinks when determining the roo...

CVSS 5, AI score 7.4, EPSS 0.00032
Exploits: 1, References: 6
OSV
added 2025/11/06 11:35 p.m., 4 views

GHSA-7XGM-5PRM-V5GC KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

Summary The permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. Details Following the GitHub security advisory published on March 23 2023, a ValidatingAdmissionPolicy w...

CVSS 6.9, AI score 5.5, EPSS 0.00104
Exploits: 1, References: 3
Github Security Blog
added 2025/11/06 11:35 p.m., 7 views

KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

Summary The permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. Details Following the GitHub security advisory published on March 23 2023, a ValidatingAdmissionPolicy w...

CVSS 6.9, AI score 5.5, EPSS 0.00104
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2025/11/06 11:35 p.m., 3 views

GHSA-GGP9-C99X-54GP KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing

Summary Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details Give all details on the vulnerability. Pointing to the incriminated sourc...

CVSS 4.7, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 6
Github Security Blog
added 2025/11/06 11:35 p.m., 6 views

KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing

Summary Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details Give all details on the vulnerability. Pointing to the incriminated sourc...

CVSS 6.3, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 6, Affected Software: 1
Positive Technologies
added 2025/11/06 12:0 a.m., 2 views

PT-2025-45440

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.3 KubeVirt versions prior to 1.6.1 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw where the virt-handler does not validate if the launcher-sock is a symbolic link or a...

CVSS 5, AI score 5.4, EPSS 0.00032
Exploits: 1, References: 19
Positive Technologies
added 2025/11/06 12:0 a.m., 2 views

PT-2025-45512

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.3 KubeVirt versions prior to 1.6.1 Description KubeVirt is a virtual machine management add-on for Kubernetes. A flaw exists in the peer verification logic within virt-handler via the verifyPeerCert function. An...

CVSS 6.3, AI score 5.4, EPSS 0.0002
Exploits: 1, References: 13
Positive Technologies
added 2025/11/06 12:0 a.m., 3 views

PT-2025-45439

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.0 Description KubeVirt, a virtual machine management add-on for Kubernetes, has an issue where permissions granted to the virt-handler service account could be misused. Specifically, the ability to update VMIs an...

CVSS 6.9, AI score 5.5, EPSS 0.00104
Exploits: 1, References: 13
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-1288

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.00141
Exploits: 0, References: 9
OpenVAS
added 2025/09/22 12:0 a.m., 4 views

openSUSE Security Advisory (SUSE-SU-2025:03278-1)

The remote host is missing an update for the ...

CVSS 9.1, AI score 6.8, EPSS 0.3863
Exploits: 2, References: 6
SUSE Linux
added 2025/09/19 1:42 p.m., 5 views

Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t

This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: This...

CVSS 8.2, AI score 7.6, EPSS 0.3863
Exploits: 2, References: 12
OSV
added 2025/09/19 1:42 p.m., 3 views

SUSE-SU-2025:03278-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: This...

CVSS 9.1, AI score 6.8, EPSS 0.3863
Exploits: 2, References: 7
OSV
added 2025/07/30 5:15 p.m., 2 views

SUSE-SU-2025:02555-1 Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: - Rever...

AI score 5.8
Exploits: 0, References: 2
Tenable Nessus
added 2024/09/12 12:0 a.m., 14 views

CBL Mariner 2.0 Security Update: kubevirt (CVE-2023-26484)

The version of kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-26484 advisory. - KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicio...

CVSS 8.2, AI score 7.6, EPSS 0.00245
Exploits: 1, References: 2
Tenable Nessus
added 2024/07/31 12:0 a.m., 9 views

SUSE SLES15 / openSUSE 15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (SUSE-SU-2024:2669-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2669-1 advisory. - Update to version 1.2.2 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.2 Release notes...

AI score 5.6
Exploits: 0, References: 1
OSV
added 2024/07/30 7:20 a.m., 5 views

SUSE-SU-2024:2639-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: - Updat...

AI score 7.3
Exploits: 0, References: 1