2415776 – (CVE-2025-64324) CVE-2025-64324 kubevirt.io/kubevirt: KubeVirt: Arbitrary file read/write and privilege escalation via hostDisk feature

Bug 2415776 (CVE-2025-64324) - CVE-2025-64324 kubevirt.io/kubevirt: KubeVirt: Arbitrary file read/write and privilege escalation via hostDisk feature

Summary: CVE-2025-64324 kubevirt.io/kubevirt: KubeVirt: Arbitrary file read/write and ...

Keywords:
Status:	NEW
Alias:	CVE-2025-64324
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-18 23:01 UTC by OSIDB Bzimport
Modified:	2025-11-25 22:15 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-18 23:01:24 UTC

KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.

Note You need to log in before you can comment on or make changes to this bug.