Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

Amazon Linux 2023 : runc (ALAS2023-2025-1263)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1263 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

runc security update

4:1.2.5-3 - Add relevant patches to CVEs - Resolves: RHEL-122402 4:1.2.5-2 - fix CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 - Resolves: RHEL-122402 - Resolves: RHEL-122404 - Resolves: RHEL-122415 4:1.2.5-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.2.5 - Related: RHEL-60...

ALSA-2025:19927 Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mou...

SUSE SLES12 Security Update : runc (SUSE-SU-2025:3951-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3951-1 advisory. - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. - CVE-2025-52565: Fixed container...

Amazon Linux 2 : runc, --advisory ALAS2ECS-2025-077 (ALASECS-2025-077)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-077 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-072 (ALASNITRO-ENCLAVES-2025-072)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-072 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : runc (SUSE-SU-2025:3950-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3950-1 advisory. - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : runC vulnerabilities (USN-7851-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7851-1 advisory. Lei Wang and Li Fubang discovered that runC incorrectly handled masked paths. An attacker could possibly replace a container'...

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2025-078 (ALASDOCKER-2025-078)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-078 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

AZL-69826 CVE-2025-52881 affecting package runc for versions less than 1.3.3-1

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

AZL-70586 CVE-2025-52881 affecting package kubernetes for versions less than 1.30.10-18

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

AZL-69824 CVE-2025-52881 affecting package moby-runc for versions less than 1.2.8-1

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

EUVD-2025-37940

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...