16 matches found
RHCOS 4 : OpenShift Container Platform 4.14.61 (RHSA-2026:0995)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0995 advisory. - runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 - runc: container escape with malicious...
Fedora 44 : util-linux (2026-67cf3d6cca)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-67cf3d6cca advisory. upstream update, fixes security-related bugs CVE-2026-27456 - mount8 TOCTOU symlink attack via loop device. The SUID mount follows symlinks when resolving lo...
runc: container escape via 'masked path' abuse due to mount race conditions
A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...
runc: container escape via 'masked path' abuse due to mount race conditions
A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...
kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()
A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...
RLSA-2025:21232 Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mount and...
GO-2025-4096 Container escape via "masked path" abuse due to mount race conditions in github.com/opencontainers/runc
Container escape via "masked path" abuse due to mount race conditions in github.com/opencontainers/runc...
ALSA-2025:21232 Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mount and...
PT-2025-45166
Name of the Vulnerable Software and Affected Versions Youki versions 0.5.6 and below Description Youki is a container runtime written in Rust. Insufficient initial validation of the /dev/null source allows for container escape when bind mounting the container's /dev/null as a file mask. This occu...
DEBIAN-CVE-2025-37988
In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNTTREEBENEATH handling by domovemount Normally dolockmountpath, is locking a mountpoint pinned by path and at the time when matching unlockmount unlocks that location it is still pinned by the same thing...
SUSE-SU-2024:0586-1 Security update for docker
This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation bsc1219438. CVE-2024-23652: Fixed arbitrary deletion of files bsc1219268. CVE-2024-23651: Fixed rac...
SUSE: Security Advisory (SUSE-SU-2020:0376-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : container-tools:rhel8 (CESA-2020:1650)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1650 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 - containers/image: Container...
SUSE SLES15 Security Update : runc (SUSE-SU-2020:0944-1)
This update for runc fixes the following issues : runc was updated to v1.0.0rc10 CVE-2019-19921: Fixed a mount race condition with shared mounts bsc1160452. Fixed an issue where podman run hangs when spawned by salt-minion process bsc1149954. Note that Tenable Network Security has extracted the...
SUSE-SU-2020:0944-1 Security update for runc
This update for runc fixes the following issues: runc was updated to v1.0.0rc10 - CVE-2019-19921: Fixed a mount race condition with shared mounts bsc1160452. - Fixed an issue where podman run hangs when spawned by salt-minion process bsc1149954...
RHEL 7 : runc (RHSA-2020:0942)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0942 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: volum...