A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the intended no-follow protection. An attacker with access to a virt-launcher pod can exploit this to cause virt-handler to apply file ownership or permission changes to an unintended host path.
The following default configurations and practices in OpenShift Virtualization significantly reduce exploitability and impact:
- Ensure SELinux is in enforcing mode (default in OpenShift). This restricts the set of host files that virt-handler can modify through this path, blocking operations on files with protected security labels.
- RHCOS immutable filesystem layers prevent modification of core OS files.
- Review RBAC policies to limit unnecessary pods/exec permissions on virt-launcher pods to reduce the attacker pool.