216.73.217.22

CVE-2026-24054

· Published 29/01/2026 18:16 · Modified 29/01/2026 18:54

Labels: CVE-2026-24054 2026-01-29CVE-2026-24054CWE-754[email protected]

Essential information

Published
29/01/2026 18:16
Modified
29/01/2026 18:54
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter directory for the container rootfs. When the Kata runtime attempts to mount the container rootfs, the bind mount causes the rootfs to be detected as a block device, leading to the underlying device being hotplugged to the guest. This can cause filesystem-level errors on the host due to double inode allocation, and may lead to the host's block device being mounted as read-only. Version 3.26.0 contains a patch for the issue.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
kata containers / kata containers cpe:2.3:a:kata_containers:kata_containers:<3.26.0:*:*:*:*:*:*:*

References