github.com/kata-containers/runtime is vulnerable to arbitrary code execution. The vulnerability exists because the addHypervisorConfigOverrides function in utils.go executes binaries whose paths are taken from annotations without validating them, allowing an attacker to inject and execute malicious binaries as root on the worker nodes.
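As an added illustration (not code from the Kata Containers runtime), the weak pattern the advisory describes beside a hardened version: an annotation-supplied hypervisor path is either used as-is, or accepted only when an administrator switch enables overrides and the normalised path matches an allow list of path patterns. The annotation key, function names, allow-list patterns and sample annotation are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
)

// Assumed annotation key for this example; the real runtime's key is not reproduced here.
const hypervisorPathAnnotation = "example.io/hypervisor.path"

// unsafeHypervisorPath shows the weak pattern: whatever the annotation says
// replaces the configured hypervisor binary, and that path is later executed as root.
func unsafeHypervisorPath(annotations map[string]string, configured string) string {
	if p := annotations[hypervisorPathAnnotation]; p != "" {
		return p
	}
	return configured
}

// safeHypervisorPath honours the override only when the administrator has enabled
// annotation overrides and the normalised path matches an allow-listed pattern.
func safeHypervisorPath(annotations map[string]string, configured string,
	overridesEnabled bool, validPaths []string) (string, error) {
	p := annotations[hypervisorPathAnnotation]
	if p == "" {
		return configured, nil // no override requested
	}
	if !overridesEnabled {
		return "", errors.New("hypervisor path override via annotation is disabled")
	}
	// Clean the path before matching so "/usr/bin/../bin/x" cannot slip past a
	// pattern; Clean does not resolve symlinks, handle those separately if needed.
	clean := filepath.Clean(p)
	for _, pattern := range validPaths {
		if ok, err := filepath.Match(pattern, clean); err == nil && ok {
			return clean, nil
		}
	}
	return "", errors.New("hypervisor path from annotation is not on the allow list")
}

func main() {
	// Constructed sample: an annotation pointing at a binary outside the allow list.
	ann := map[string]string{hypervisorPathAnnotation: "/tmp/unexpected-binary"}
	valid := []string{"/usr/bin/qemu-system-*"}
	fmt.Println("unsafe:", unsafeHypervisorPath(ann, "/usr/bin/qemu-system-x86_64"))
	_, err := safeHypervisorPath(ann, "/usr/bin/qemu-system-x86_64", true, valid)
	fmt.Println("safe:", err)
}
```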
github.com/kata-containers/kata-containers/commit/c2a186b18c91541c8917a3695dfde2b71af5baa0
github.com/kata-containers/kata-containers/issues/901
github.com/kata-containers/kata-containers/pull/984
github.com/kata-containers/runtime/commit/3317bf70e1b1f5ebd29f777c062401a5bda233dd
github.com/kata-containers/runtime/commit/88b0544ede0c6e31febd40fa69653260de9530b1
github.com/kata-containers/runtime/issues/3004
github.com/kata-containers/runtime/pull/3060
github.com/kata-containers/runtime/pull/3061