CVE-2023-32684

Lima (Linux VMs on macOS) prior to v0.16.0 allowed a malicious disk image to read a single host file via a qcow2/vmdk backing file path embedded in the image. It relies on the backing file path string from the instance directory, but Lima does not run as root, limiting full-disk access. The issue...