
4482 matches found

OSV
added 2025/11/05 4:37 p.m. | 3 views

GHSA-9493-H29P-RFM2 runc container escape via "masked path" abuse due to mount race conditions

Impact The OCI runtime specification has a maskedPaths feature that allows for files or directories to be "masked" by placing a mount on top of them to conceal their contents. This is primarily intended to protect against privileged users in non-user-namespaced from being able to write to files o...

CVSS 7.3 | AI score 6.9 | EPSS 0.00673
Exploits: 3 | References: 7
SUSE Linux
added 2025/11/05 10:23 a.m. | 21 views

Security update for runc

This update for runc fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. CVE-2025-52881: Fixed...

CVSS 7.8 | AI score 7 | EPSS 0.00673
Exploits: 4 | References: 8
OSV
added 2025/11/05 10:23 a.m. | 9 views

SUSE-SU-2025:3951-1 Security update for runc

This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. - CVE-2025-52881: Fixed...

CVSS 8.4 | AI score 7 | EPSS 0.00673
Exploits: 4 | References: 5
SUSE Linux
added 2025/11/05 10:23 a.m. | 4 views

Security update for runc

This update for runc fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. CVE-2025-52881: Fixed...

CVSS 7.8 | AI score 6.9 | EPSS 0.00673
Exploits: 4 | References: 8
UbuntuCve
added 2025/11/05 9:00 a.m. | 2 views

CVE-2025-31133

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...

CVSS 7.8 | AI score 7.1 | EPSS 0.00673
Exploits: 2 | References: 3
UbuntuCve
added 2025/11/05 9:00 a.m. | 2 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.7 | EPSS 0.00526
Exploits: 1 | References: 3
OSV
added 2025/11/05 9:00 a.m. | 0 views

UBUNTU-CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.6 | EPSS 0.00526
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/05 12:00 a.m. | 4 views

PT-2025-45166

Name of the Vulnerable Software and Affected Versions: Youki versions 0.5.6 and below. Description: Youki is a container runtime written in Rust. Insufficient initial validation of the /dev/null source allows for container escape when bind mounting the container's /dev/null as a file mask. This occu...

CVSS 10 | AI score 6.6 | EPSS 0.00216
Exploits: 0 | References: 11
Tenable Nessus
added 2025/11/05 12:00 a.m. | 1 view

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989892)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989892 advisory. In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip6mrfreetable on failure path ip6mrfreetable can only be...

CVSS 5.5 | AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989940)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989940 advisory. In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already...

CVSS 5.5 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988775 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ACPI: utils: Fix reference counting in...

CVSS 5.5 | AI score 6.2 | EPSS 0.00235
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988875 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasdaliasgetstartdev due to missing pavgroup Fix Oops in...

CVSS 5.5 | AI score 6.2 | EPSS 0.00226
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989572)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989572 advisory. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh masterdev/mops in rtnlnewlink While looking at one unrelated syzb...

CVSS 7.8 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m. | 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989364)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989364 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix a potential memory leak in r871xudrvinit In r871xudrvinit, if r8712initdrvs...

CVSS 5.5 | AI score 5.7 | EPSS 0.00246
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989211)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989211 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xxbind The commit 46a8b29c6306 net: usb: fix memor...

CVSS 7.8 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m. | 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989755 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADFDEVRESETSYNC memory leak Using completiondone to determine whether the calle...

CVSS 5.5 | AI score 6 | EPSS 0.00237
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989574)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989574 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iiosysfstriginit devsetname allocates memory for...

CVSS 5.5 | AI score 6.1 | EPSS 0.0018
Exploits: 0 | References: 4
Ubuntu
added 2025/11/04 3:36 p.m. | 8 views

USN-7851-1: runC vulnerabilities

Lei Wang and Li Fubang discovered that runC incorrectly handled masked paths. An attacker could possibly replace a container's /dev/null with a symlink to some other procfs file and possibly escape a container. (CVE-2025-31133) Lei Wang and Li Fubang discovered that runC incorrectly handled the...

CVSS 8.4 | AI score 7.3 | EPSS 0.00673
Exploits: 4
Positive Technologies
added 2025/11/04 12:00 a.m. | 4 views

PT-2025-45350

Name of the Vulnerable Software and Affected Versions: runc versions 1.2.0 through 1.2.7; runc versions 1.3.0-rc.1 through 1.3.1; runc versions 1.4.0-rc.1 through 1.4.0-rc.2. Description: runc is a CLI tool for spawning and running containers according to the OCI specification. A race condition in the...

CVSS 8.4 | AI score 6.8 | EPSS 0.00673
Exploits: 3 | References: 161
Veracode
added 2025/11/03 9:20 a.m. | 6 views

Origin Validation Error

@parcel/reporter-dev-server is vulnerable to an Origin Validation Error. The vulnerability is due to the server failing to verify and enforce the Origin header for XMLHttpRequests. An attacker can host a malicious webpage that issues cross-origin XMLHttpRequests to a developer's running dev serve...

CVSS 6.5 | AI score 6.9 | EPSS 0.00222
Exploits: 1 | References: 6 | Affected Software: 1