openEuler-SA-2026-2527

Details

Synopsis:

kata-containers security updateSummary:

An update for kata-containers is now available for openEuler-24.03-LTS-SP1Description:

This is core component of Kata Container, to make it work, you need a isulad/docker engine.

Security Fix(es):

'This vulnerability was fixed in Kata Containers 3.31.0:', 'Description:\n\nIn the runtime-rs standalone virtio-fs path, Kata Containers runs virtiofsd\nas root with --sandbox none --seccomp none.\n\nIf an attacker has root-equivalent execution inside the Kata guest VM,\nthey can send raw FUSE requests directly to the host virtiofsd.\n\nThen, a raw FUSE_SYMLINK request whose new symlink name is\nan absolute host path is honored outside the virtio-fs shared directory.\n\nThis lets guest root create host-root-owned symlinks in sensitive host paths.\n\nCVE: CVE-2026-47243\nGHSA: GHSA-2gv2-cffp-j227\n\nOriginal report:', '---\nAurelien Bombo\nKata Containers Vulnerability Management Team'Topic:

An update for kata-containers is now available for openEuler-24.03-LTS-SP1.

openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:

HighAffected Component:

kata-containers

Affected Packages

kata-containers

openEuler 24.03-LTS-SP1

Fixed in:

3.2.0-22.oe2403sp1

References

WEB

https://nvd.nist.gov/vuln/detail/CVE-2026-47243

ADVISORY

https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2527.json

ADVISORY

https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-47243&packageName=kata-containers

ADVISORY

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2527