
2107 matches found

RedHat Linux
added 2026/01/22 6:53 p.m. | 2 views

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implemented in runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

7.8 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits: 2 | References: 5

RedHat Linux
added 2026/01/22 6:53 p.m. | 5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.47 packages and security update

Red Hat OpenShift Container Platform release 4.17.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

8.4 CVSS | 7.1 AI score | 0.00026 EPSS
Exploits: 4 | References: 4

RedHat Linux
added 2026/01/22 6:53 p.m. | 4 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5 CVSS | 7.1 AI score | 0.00016 EPSS
Exploits: 1 | References: 6

OSV
added 2026/01/22 1:1 p.m. | 0 views

SUSE-SU-2026:20123-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out of bounds read bsc1254054 - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an...

8.4 CVSS | 6.2 AI score | 0.00026 EPSS
Exploits: 5 | References: 9

Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

RHEL 8 / 9 : OpenShift Container Platform 4.13.63 (RHSA-2026:0676)

The remote Red Hat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0676 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

8.4 CVSS | 6 AI score | 0.00026 EPSS
Exploits: 4 | References: 8

Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

RHEL 9 : OpenShift Container Platform 4.17.47 (RHSA-2026:0701)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0701 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

8.4 CVSS | 6 AI score | 0.00026 EPSS
Exploits: 4 | References: 8

OSV
added 2026/01/21 11:8 a.m. | 2 views

SUSE-SU-2026:20103-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-9566: kube play command may overwrite host files bsc1249154...

8.4 CVSS | 5.9 AI score | 0.00086 EPSS
Exploits: 4 | References: 7

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2021-2362:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2362:01 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.5 CVSS | 7.5 AI score | 0.01473 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 7 : runc-1.0.0-66.rc8.el7 (AXSA:2020-4524:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4524:01 advisory. runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 Tenable has extracted the preceding...

7 CVSS | 8.1 AI score | 0.00191 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 9 : runc-1.1.9-2.el9_3 (AXSA:2023-7057:04)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-7057:04 advisory. golang: crypto/tls: slow verification of certificate chains containing large RSA keys CVE-2023-29409 golang: crypto/tls: panic when processing...

7.5 CVSS | 8.5 AI score | 0.00122 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 9 : runc-1.1.9-1.el9 (AXSA:2023-6674:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6674:03 advisory. golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 runc: Rootless runc makes /sys/fs/cgroup writable CVE-2023-25809 runc:...

7.8 CVSS | 7.6 AI score | 0.00191 EPSS
Exploits: 3 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 views

MiracleLinux 9 : runc-1.1.12-4.el9_4 (AXSA:2024-8755:05)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8755:05 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 Tenable has extracted the preceding description block...

5.9 CVSS | 5.6 AI score | 0.00602 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : runc-1.1.12-1.el9_3 (AXSA:2024-7505:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7505:01 advisory. runc: file descriptor leak CVE-2024-21626 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

8.6 CVSS | 7.4 AI score | 0.05076 EPSS
Exploits: 18 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 views

MiracleLinux 8 : container-tools:4.0 (AXSA:2024-7516:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7516:02 advisory. runc: file descriptor leak Leaky Vessels CVE-2024-21626 An Asianux Security Bulletin which addresses further details about the Leaky Vessels flaw is...

8.6 CVSS | 7.4 AI score | 0.05076 EPSS
Exploits: 18 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 views

MiracleLinux 8 : container-tools:2.0 (AXSA:2021-2355:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2355:01 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.5 CVSS | 7.5 AI score | 0.01473 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-7515:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7515:01 advisory. runc: file descriptor leak CVE-2024-21626 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

8.6 CVSS | 7.4 AI score | 0.05076 EPSS
Exploits: 18 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 7 : docker-1.13.1-161.git64e9980.0.1.el7.AXS7 (AXSA:2020-4546:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4546:03 advisory. runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc CVE-2019-16884 proglottis/gpgme: Use-after-free in GPGME binding...

7.5 CVSS | 8.3 AI score | 0.01939 EPSS
Exploits: 2 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 views

MiracleLinux 9 : runc-1.1.12-3.el9_4 (AXSA:2024-8613:04)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8613:04 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly...

7.5 CVSS | 5.7 AI score | 0.01379 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 views

MiracleLinux 9 : runc-1.1.13-4.el9 (AXSA:2024-9101:06)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9101:06 advisory. golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 Tenable has extracted the preceding description block directly from the MiracleLinu...

5.9 CVSS | 5.6 AI score | 0.00202 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 views

MiracleLinux 9 : runc-1.1.4-1.el9 (AXSA:2023-4702:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4702:01 advisory. runc: incorrect handling of inheritable capabilities CVE-2022-29162 Tenable has extracted the preceding description block directly from the MiracleLinux...

7.8 CVSS | 7.5 AI score | 0.00127 EPSS
Exploits: 0 | References: 2