Bug 2397724 (CVE-2025-58354)
| Summary: | CVE-2025-58354 kata-containers: Kata Containers coco-tdx malicious host can circumvent initdata verification | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A vulnerability has been identified in Kata Containers that allows a malicious host to bypass a critical security check designed to validate workloads. On systems using TDX technology for confidential computing, an attacker with control of the host system can intentionally disrupt operations to skip this verification process. This flaw allows the attacker to run unauthorized code inside a secure, isolated virtual environment while making the malicious software appear as a trusted application. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2400558, 2400559 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2025-09-23 22:01:36 UTC