vulnerability

Oracle Linux: CVE-2020-28914: ELSA-2021-9028: olcne security update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:P/A:P)

Published

Nov 17, 2020

Added

Feb 11, 2021

Modified

Dec 3, 2025

Description

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.

Solutions

oracle-linux-upgrade-kataoracle-linux-upgrade-kata-agentoracle-linux-upgrade-kata-imageoracle-linux-upgrade-kata-ksm-throttleroracle-linux-upgrade-kata-proxyoracle-linux-upgrade-kata-runtimeoracle-linux-upgrade-kata-shimoracle-linux-upgrade-kubeadmoracle-linux-upgrade-kubectloracle-linux-upgrade-kubeletoracle-linux-upgrade-olcne-agentoracle-linux-upgrade-olcne-api-serveroracle-linux-upgrade-olcnectloracle-linux-upgrade-olcne-istio-chartoracle-linux-upgrade-olcne-nginxoracle-linux-upgrade-olcne-prometheus-chartoracle-linux-upgrade-olcne-utils

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report