HCSEC-2021-31 - Nomad QEMU Task Driver Allowed Paths Bypass with Job Args

Bulletin ID: HCSEC-2021-31
Affected Products / Versions: Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0; fixed in 1.0.14, 1.1.8, and 1.2.1.
Publication Date: November 22, 2021

Nomad and Nomad Enterprise (“Nomad”), with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed paths for images. This vulnerability, CVE-2021-43415, was fixed in Nomad 1.0.14, 1.1.8, and 1.2.1.

Nomad provides first-class support for the QEMU task driver to run virtual machines, which has a client agent configuration option to restrict the allowed image paths that can be used in a job, preventing arbitrary access to the underlying host filesystem.

An external party reported that a Nomad job using the QEMU task driver could be crafted to bypass intended restrictions on the source of the image on the host by using QEMUs -drive CLI flag as an argument in the submitted job.

On investigation, the issue described was found to present possible additional exposure, as the QEMU task driver’s args may facilitate further access to resources on the host. To address this, Nomad’s QEMU task driver configuration logic has been modified to provide an operator with increased control over access to host resources, restricting the QEMU CLI flags available to a job submitter with a new args_allowlist option.

Customers using Nomad’s QEMU task driver should evaluate the risk associated with this issue and consider upgrading to Nomad or Nomad Enterprise 1.0.14, 1.1.8, and 1.2.1, or newer. Please refer to Upgrading Nomad for general guidance and version-specific upgrade notes.

After upgrading, operators will need to configure client agents with the new args_allowlist option, permitting only the QEMU CLI flags necessary for their environment. For example:

plugin "qemu" {
  config {
    image_paths = ["/mnt/image/paths"]
    args_allowlist = ["-drive", "-usbdevice"]

Alternatively, the QEMU task driver may be disabled using the the following client agent configuration snippet:

plugin "qemu" {
enabled = false

This issue was identified by an external party who reported it to HashiCorp.

We deeply appreciate any effort to coordinate disclosure of security vulnerabilities. For information about security at HashiCorp and the reporting of security vulnerabilities, please see Security at HashiCorp.