A security issue has been discovered in the HCP OpenShift Virtualization provider that allows unauthorized users to gain access to HCP worker node root volumes. The attack vector is a component called kubevirt-csi, which provides the ability for an HCO OCP-Virt guest cluster to be configured in a way that lets the guest cluster use the same underlying storage as the infrastructure cluster the VMs are running in. Through the use of kubevirt-csi and a well crafted PV within the HCP OCP-Virt guest cluster, a user who has the ability to create PVs can gain access to any node's root volume by crafting a PV volumeHandle that matches the name of a worker node VM's root volume PVC. That name is trivial to predict because it is the node's name followed by "-rhcos". The result is the user can then get kubevirt-csi to attach any node's root volume to a pod workload within the guest cluster as a PVC.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1559 https://access.redhat.com/errata/RHSA-2024:1559
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:1891 https://access.redhat.com/errata/RHSA-2024:1891
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2047 https://access.redhat.com/errata/RHSA-2024:2047
Upstream, this was addressed via commit: https://github.com/kubevirt/csi-driver/pull/103/commits/a61f36c42700f54352919318ed806d1ae2d716f4