Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.21 views

RHCOS 4 : OpenShift Container Platform 4.14.61 (RHSA-2026:0995)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0995 advisory. - runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 - runc: container escape with malicious...

8.4CVSS7.1AI score0.0067EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.6 views

Fedora 44 : util-linux (2026-67cf3d6cca)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-67cf3d6cca advisory. upstream update, fixes security-related bugs CVE-2026-27456 - mount8 TOCTOU symlink attack via loop device. The SUID mount follows symlinks when resolving lo...

4.7CVSS5.7AI score0.00118EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/27 2:17 a.m.10 views

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

7.8CVSS7.7AI score0.0067EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/03/12 8:57 p.m.7 views

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

7.8CVSS5.8AI score0.0067EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/01/14 12:29 a.m.9 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8AI score0.00173EPSS
Exploits0References5
OSV
OSV
added 2025/11/28 9:4 a.m.6 views

RLSA-2025:21232 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mount and...

8.2CVSS6.3AI score0.0067EPSS
Exploits4References4
OSV
OSV
added 2025/11/18 3:44 p.m.4 views

GO-2025-4096 Container escape via "masked path" abuse due to mount race conditions in github.com/opencontainers/runc

Container escape via "masked path" abuse due to mount race conditions in github.com/opencontainers/runc...

7.8CVSS6.8AI score0.0067EPSS
Exploits2References5
OSV
OSV
added 2025/11/13 12:0 a.m.5 views

ALSA-2025:21232 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mount and...

8.4CVSS6.8AI score0.0067EPSS
Exploits4References8
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.6 views

PT-2025-45166

Name of the Vulnerable Software and Affected Versions Youki versions 0.5.6 and below Description Youki is a container runtime written in Rust. Insufficient initial validation of the /dev/null source allows for container escape when bind mounting the container's /dev/null as a file mask. This occu...

10CVSS6.6AI score0.00236EPSS
Exploits0References11
OSV
OSV
added 2025/05/20 6:15 p.m.1 views

DEBIAN-CVE-2025-37988

In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNTTREEBENEATH handling by domovemount Normally dolockmountpath, is locking a mountpoint pinned by path and at the time when matching unlockmount unlocks that location it is still pinned by the same thing...

4.7CVSS5.6AI score0.00109EPSS
Exploits0References1
OSV
OSV
added 2024/02/22 8:54 a.m.10 views

SUSE-SU-2024:0586-1 Security update for docker

This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation bsc1219438. CVE-2024-23652: Fixed arbitrary deletion of files bsc1219268. CVE-2024-23651: Fixed rac...

10CVSS9.3AI score0.02983EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2020:0376-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7.3AI score0.00457EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.64 views

CentOS 8 : container-tools:rhel8 (CESA-2020:1650)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1650 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 - containers/image: Container...

7CVSS6.9AI score0.01849EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/04/08 12:0 a.m.30 views

SUSE SLES15 Security Update : runc (SUSE-SU-2020:0944-1)

This update for runc fixes the following issues : runc was updated to v1.0.0rc10 CVE-2019-19921: Fixed a mount race condition with shared mounts bsc1160452. Fixed an issue where podman run hangs when spawned by salt-minion process bsc1149954. Note that Tenable Network Security has extracted the...

7CVSS6.8AI score0.00457EPSS
Exploits0References5
OSV
OSV
added 2020/04/07 1:49 p.m.5 views

SUSE-SU-2020:0944-1 Security update for runc

This update for runc fixes the following issues: runc was updated to v1.0.0rc10 - CVE-2019-19921: Fixed a mount race condition with shared mounts bsc1160452. - Fixed an issue where podman run hangs when spawned by salt-minion process bsc1149954...

7CVSS7AI score0.00457EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/03/24 12:0 a.m.39 views

RHEL 7 : runc (RHSA-2020:0942)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0942 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: volum...

7CVSS6.9AI score0.00457EPSS
Exploits0References5
Rows per page
Query Builder