Trail of Bits

Edera Runtime Container

Type: Security review

Client: Edera, Inc

Date: 2025-10

Domain: AppSec

Effort: 4 wks

Section: Technology Product Reviews

Trail of Bits's security review of Edera, Inc (Oct 2025) identified 15 issues: 10 low and 5 informational.

Findings · 15

  1. CreateRequest and AttachRequest validation is bypassed (Informational)
  2. Styrolite can mount to directories outside a target container (Low)
  3. Resource limits can be used to set arbitrary cgroup keys (Low)
  4. Styrolite configuration needlessly passes through the filesystem (Low)
  5. SSRF vulnerability in OCI image authentication (Low)
  6. OCI connects to Docker hub mirrors starting with “localhost” using HTTP (Informational)
  7. Two-step directory creation vulnerable to race condition (Low)
  8. Missing call to destroy_map_task (Informational)
  9. Unchecked return values during grant unmapping (Low)
  10. map_vf can fail silently (Informational)
  11. Unsanitized string-wise mount path concatenation in zone crate (Low)
  12. is_edera_runtime_class improperly identifies the runtime class (Informational)
  13. Excessive (4 GB) memory consumption for IDM packets (Low)
  14. Page number overflow can cause driver crash at zone boot (Low)
  15. Workload configuration written to temp file (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.
