{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/kata-containers/kata-containers--0.0.0-20260519062212-ffa59ce3aa78/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["kata-containers/kata-containers (\u003c 0.0.0-20260519062212-ffa59ce3aa78)"],"_cs_severities":["high"],"_cs_tags":["kata-containers","virtiofs","fuse","privilege-escalation","container-escape"],"_cs_type":"advisory","_cs_vendors":["kata-containers"],"content_html":"\u003cp\u003eA guest-to-host root escape vulnerability exists in Kata Containers when the runtime-rs standalone virtio-fs path is used. In this configuration \u003ccode\u003evirtiofsd\u003c/code\u003e runs on the host as root with neither sandboxing nor a seccomp filter, so an attacker who is root inside the Kata guest VM can bypass the guest kernel\u0026rsquo;s virtio-fs client and send raw FUSE requests straight to the host \u003ccode\u003evirtiofsd\u003c/code\u003e. A \u003ccode\u003eFUSE_SYMLINK\u003c/code\u003e request whose name field is an absolute path is accepted as-is, and because the name is handed to the host filesystem unchanged, the symlink is created at that absolute host path rather than inside the intended virtio-fs shared directory. Creating such a symlink in a sensitive host location such as \u003ccode\u003e/etc/cron.d\u003c/code\u003e lets the attacker inject a crontab that runs arbitrary commands as host root. The guest kernel\u0026rsquo;s normal path validation never sees the request; the attacker talks directly to the host-side filesystem daemon. 
The vulnerability affects Kata Containers versions prior to commit \u003ccode\u003e2ffd1538a296cff93a357bfba0dfca747480a1f8\u003c/code\u003e and is reproducible with both the QEMU and Cloud Hypervisor VMMs.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker obtains root-equivalent access inside the Kata guest VM.\u003c/li\u003e\n\u003cli\u003eThe attacker locates the virtio-fs PCI device from inside the guest via \u003ccode\u003e/sys/devices/pci*\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker takes control of a virtio-fs virtqueue from userspace, bypassing the guest kernel\u0026rsquo;s virtio-fs client.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a \u003ccode\u003eFUSE_INIT\u003c/code\u003e request to establish a FUSE session with the host \u003ccode\u003evirtiofsd\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker discovers the runtime-rs sandbox ID and, through the \u003ccode\u003epassthrough\u003c/code\u003e mount, works out the host-visible path of a guest-controlled payload file such as \u003ccode\u003e/tmp/kata-go-escape-payload\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a raw \u003ccode\u003eFUSE_SYMLINK\u003c/code\u003e request. 
The request sets the new symlink\u0026rsquo;s name to an absolute host path, e.g. \u003ccode\u003e/etc/cron.d/kata-go-escape-cron-\u0026lt;pid\u0026gt;\u003c/code\u003e, and its target to the guest-controlled payload reached through a \u003ccode\u003e/proc/\u0026lt;pid\u0026gt;/root/...\u003c/code\u003e path.\u003c/li\u003e\n\u003cli\u003eThe host \u003ccode\u003evirtiofsd\u003c/code\u003e receives the \u003ccode\u003eFUSE_SYMLINK\u003c/code\u003e request and, because it does not reject a name containing path separators (and is not confined by a sandbox), creates the symlink at the specified absolute path on the host filesystem.\u003c/li\u003e\n\u003cli\u003eHost cron scans \u003ccode\u003e/etc/cron.d\u003c/code\u003e, follows the new symlink, parses the guest-controlled payload as a crontab, and runs the commands it contains as host root.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation gives the attacker arbitrary command execution as root on the host, a complete compromise: the Kata Containers isolation boundary is gone, and the attacker can read host data, disrupt services, and pivot further into the infrastructure. The provided PoC confirmed guest-root to host-root command execution by creating a proof file in the host\u0026rsquo;s \u003ccode\u003e/run\u003c/code\u003e directory. 
Because the escape crosses the VM boundary itself, every workload and service on the host is exposed, not only the compromised sandbox.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of Kata Containers that addresses CVE-2026-47243.\u003c/li\u003e\n\u003cli\u003eMonitor file and symlink creation in \u003ccode\u003e/etc/cron.d\u003c/code\u003e on the host with the provided Sigma rule \u003ccode\u003eDetect Cron Job File Creation\u003c/code\u003e, and correlate hits with process creation events for unexpected commands spawned by cron.\u003c/li\u003e\n\u003cli\u003eDeploy a host-based intrusion detection system (HIDS) that alerts on symlink creation in sensitive directories such as \u003ccode\u003e/etc/cron.d\u003c/code\u003e, in particular when the creating process is \u003ccode\u003evirtiofsd\u003c/code\u003e, which has no legitimate reason to write there.\u003c/li\u003e\n\u003cli\u003eHarden the \u003ccode\u003evirtiofsd\u003c/code\u003e configuration: run it sandboxed (\u003ccode\u003e--sandbox=chroot\u003c/code\u003e or \u003ccode\u003e--sandbox=namespace\u003c/code\u003e) so that a path can never resolve outside the shared directory, and require that every name received in a FUSE request be a single path component containing no \u003ccode\u003e/\u003c/code\u003e; validation of the name alone is not a substitute for the sandbox.\u003c/li\u003e\n\u003cli\u003eEnable a seccomp filter for the \u003ccode\u003evirtiofsd\u003c/code\u003e process (\u003ccode\u003e--seccomp=kill\u003c/code\u003e) to limit the syscalls available to a compromised daemon; note that \u003ccode\u003esymlinkat\u003c/code\u003e must remain allowed for normal operation, so seccomp complements the sandbox rather than blocking this bug on its own.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-27T22:51:24Z","date_published":"2026-05-27T22:51:24Z","id":"https://feed.craftedsignal.io/briefs/2026-05-kata-virtiofs-escape/","summary":"A vulnerability in Kata Containers allows a guest root user to escalate privileges to host root by exploiting the virtiofs shared file system to create arbitrary symlinks on the host.","title":"Kata Containers Guest-to-Host Root Escape via Virtiofs FUSE_SYMLINK","url":"https://feed.craftedsignal.io/briefs/2026-05-kata-virtiofs-escape/"}],"language":"en","title":"CraftedSignal Threat Feed — Kata-Containers/Kata-Containers (\u003c 0.0.0-20260519062212-Ffa59ce3aa78)","version":"https://jsonfeed.org/version/1.1"}
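The Attack Chain in the brief above turns on one detail: the name field of a FUSE_SYMLINK request is used by the host daemon as given, so an absolute name escapes the shared directory. The following is an added example (not code from Kata Containers or virtiofsd) that decodes a raw FUSE_SYMLINK request using the kernel's documented wire layout (struct fuse_in_header followed by two NUL-terminated strings) and applies the name check a passthrough FUSE server must make before touching the filesystem. The two sample requests, a benign one and one shaped like the brief's escape, are constructed here for illustration; nothing is sent to a real daemon.

```python
"""Decode a raw FUSE_SYMLINK request and apply the server-side name check.

Added example for this brief; not code from Kata Containers or virtiofsd.
Wire layout is the Linux FUSE protocol (<linux/fuse.h>); sample requests
are constructed below for illustration only.
"""
import struct

# struct fuse_in_header: len, opcode, unique, nodeid, uid, gid, pid, padding
# (40 bytes, little-endian as seen from an x86_64 guest).
FUSE_IN_HEADER = struct.Struct("<IIQQIIII")
FUSE_SYMLINK = 6  # opcode from <linux/fuse.h>


def build_symlink_request(nodeid, name, target, unique=1, uid=0, gid=0, pid=1):
    """Serialise a FUSE_SYMLINK request: header, name\\0, target\\0."""
    body = name.encode() + b"\0" + target.encode() + b"\0"
    hdr = FUSE_IN_HEADER.pack(FUSE_IN_HEADER.size + len(body), FUSE_SYMLINK,
                              unique, nodeid, uid, gid, pid, 0)
    return hdr + body


def parse_symlink_request(buf):
    """Return (nodeid, name, target) from a raw FUSE_SYMLINK request."""
    if len(buf) < FUSE_IN_HEADER.size:
        raise ValueError("short FUSE header")
    length, opcode, _unique, nodeid, *_ = FUSE_IN_HEADER.unpack_from(buf)
    if opcode != FUSE_SYMLINK:
        raise ValueError(f"not FUSE_SYMLINK (opcode {opcode})")
    if length != len(buf):
        raise ValueError("header length does not match buffer")
    fields = buf[FUSE_IN_HEADER.size:].split(b"\0")
    if len(fields) < 3 or fields[2] != b"":
        raise ValueError("expected two NUL-terminated strings")
    return nodeid, fields[0].decode(), fields[1].decode()


def validate_name(name):
    """A new directory entry name must be a single path component.

    Not empty, not '.' or '..', and free of '/'. An absolute name such as
    '/etc/cron.d/x' would otherwise be resolved from the host root, since
    the *at() syscalls ignore dirfd when the path is absolute.
    """
    if name in ("", ".", ".."):
        return False
    return "/" not in name


def handle_symlink(buf):
    """Server-side decision: ('ok', name, target) or ('reject', name, reason)."""
    _nodeid, name, target = parse_symlink_request(buf)
    if not validate_name(name):
        return ("reject", name, "name is not a single path component")
    # The link target is deliberately not validated: it is opaque text that
    # only whoever follows the link resolves. The escape needs the *name*
    # to place the link in /etc/cron.d, which is what the check above stops.
    return ("ok", name, target)


if __name__ == "__main__":
    benign = build_symlink_request(1, "link", "payload")
    # Request shaped like the brief's escape; pid 4242 is a made-up value.
    escape = build_symlink_request(
        1, "/etc/cron.d/kata-go-escape-cron-4242",
        "/proc/4242/root/tmp/kata-go-escape-payload")
    for req in (benign, escape):
        print(handle_symlink(req))
```

The name check is the minimum a FUSE server needs; the brief's recommendation to run virtiofsd sandboxed is the defence-in-depth layer that holds even if a request slips past validation.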
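The brief's Recommendation section asks for host-side monitoring of symlink creation in /etc/cron.d. As an added example (not part of the brief and not the Sigma rule it mentions), the block below implements that detection over auditd records. It assumes the host runs auditd with a watch rule such as `-w /etc/cron.d -p wa -k cron_d_write`; the log lines it processes are constructed for this example in the standard audit record format, with x86_64 syscall numbers (88 symlink, 266 symlinkat). Records sharing an audit serial are grouped so the PATH entry can be tied back to the process in the SYSCALL record.

```python
"""Detect symlinks created in cron directories from auditd records.

Added example for this brief; assumes an auditd watch rule like
    -w /etc/cron.d -p wa -k cron_d_write
The sample log below is constructed for this example.
"""
import re

WATCHED_DIRS = ("/etc/cron.d/", "/etc/cron.hourly/", "/etc/cron.daily/")
SYMLINK_SYSCALLS = {"88", "266"}   # x86_64: symlink(2), symlinkat(2)
SUSPECT_COMMS = {"virtiofsd"}      # should never write into cron dirs

# Constructed sample: serial 1042 is a symlink created by virtiofsd (the
# brief's scenario); serial 1043 is a benign regular file written by dpkg.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1716850284.123:1042): arch=c000003e syscall=266 success=yes exit=0 a0=ffffffffffffff9c a1=7f1c0000 a2=ffffffffffffff9c a3=7f1c0100 items=2 ppid=1 pid=4242 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="virtiofsd" exe="/usr/libexec/virtiofsd" key="cron_d_write"
type=PATH msg=audit(1716850284.123:1042): item=0 name="/etc/cron.d/" inode=262145 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1716850284.123:1042): item=1 name="/etc/cron.d/kata-go-escape-cron-4242" inode=262390 dev=fd:01 mode=0120777 ouid=0 ogid=0 rdev=00:00 nametype=CREATE
type=SYSCALL msg=audit(1716850290.500:1043): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=55d0 a2=80241 a3=1a4 items=2 ppid=900 pid=912 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="dpkg" exe="/usr/bin/dpkg" key="cron_d_write"
type=PATH msg=audit(1716850290.500:1043): item=0 name="/etc/cron.d/" inode=262145 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1716850290.500:1043): item=1 name="/etc/cron.d/e2scrub_all" inode=262200 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=CREATE
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL_RE = re.compile(r"msg=audit\(([\d.]+):(\d+)\)")


def parse_record(line):
    """One audit record -> dict of fields (quoted values lose their quotes)."""
    m = SERIAL_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    rec["timestamp"], rec["serial"] = m.group(1), m.group(2)
    return rec


def group_events(log_text):
    """Collect the SYSCALL record and PATH records that share a serial."""
    events = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events.setdefault(rec["serial"], {"syscall": None, "paths": []})
        if rec["type"] == "SYSCALL":
            ev["syscall"] = rec
        elif rec["type"] == "PATH":
            ev["paths"].append(rec)
    return events


def is_symlink_mode(mode):
    """Audit prints st_mode in octal; S_IFLNK is 0120000, so links start 012."""
    return mode.startswith("012")


def detect_cron_symlinks(log_text):
    """Alert on entries created in watched cron dirs that are symlinks or
    that come from a process with no business writing there."""
    alerts = []
    for serial, ev in group_events(log_text).items():
        sc = ev["syscall"]
        if sc is None:
            continue
        for p in ev["paths"]:
            name = p.get("name", "")
            if p.get("nametype") != "CREATE" or not name.startswith(WATCHED_DIRS):
                continue
            symlink = (sc.get("syscall") in SYMLINK_SYSCALLS
                       or is_symlink_mode(p.get("mode", "")))
            suspect = sc.get("comm") in SUSPECT_COMMS
            if symlink or suspect:
                alerts.append({
                    "serial": serial, "path": name, "pid": sc.get("pid"),
                    "comm": sc.get("comm"), "exe": sc.get("exe"),
                    "reason": ("symlink created in cron directory" if symlink
                               else "unexpected process wrote cron directory"),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_cron_symlinks(SAMPLE_AUDIT_LOG):
        print(alert)
```

Matching on either the syscall number or the S_IFLNK mode bits keeps the rule robust when a distribution's cron writes regular files legitimately (the dpkg event above produces no alert), while the comm allow/deny list catches a non-symlink write from virtiofsd that the brief's scenario would not otherwise explain.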