VYPR

rpm package

suse/kubevirt&distro=SUSE Linux Enterprise Server for SAP applications 16.0

pkg:rpm/suse/kubevirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Vulnerabilities (8)

  • CVE-2025-64324 | Nov 18, 2025
    affected < 1.7.0-160000.1.1 | fixed 1.7.0-160000.1.1

    KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specificall

  • CVE-2025-64433 | Nov 7, 2025
    affected < 1.7.0-160000.1.1 | fixed 1.7.0-160000.1.1

    KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into

  • CVE-2025-64437 | Nov 7, 2025
    affected < 1.7.0-160000.1.1 | fixed 1.7.0-160000.1.1

    KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files

  • CVE-2025-64435 | Nov 7, 2025
    affected < 1.7.0-160000.1.1 | fixed 1.7.0-160000.1.1

    KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the V

  • CVE-2025-64434 | Nov 7, 2025
    affected < 1.7.0-160000.1.1 | fixed 1.7.0-160000.1.1

    KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api a

  • CVE-2025-64432 | Nov 7, 2025
    affected < 1.7.0-160000.1.1 | fixed 1.7.0-160000.1.1

    KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api componen

  • CVE-2025-22872 | Med | Apr 16, 2025
    affected < 1.7.0-160000.1.1 | fixed 1.7.0-160000.1.1

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul

  • CVE-2024-45310 | Sep 3, 2024
    affected < 1.7.0-160000.1.1 | fixed 1.7.0-160000.1.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between