runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

RHSA-2025:19912 Red Hat Security Advisory: bind security update

Bulletin has no description...

bind security update

An update is available for bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain BIND is an implementation of the Domain Name...

RLSA-2025:19835 Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVE-2025-62161

Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...

AlmaLinux 8 : bind9.16 (ALSA-2025:19793)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19793 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 Tenable has extracted the precedi...

Oracle Linux 10 : bind (ELSA-2025-19912)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19912 advisory. - Fix upstream reported regression in recent CVE fix CVE-2025-8677 - Refuse malformed DNSKEY records CVE-2025-8677 - Address various spoofing attacks...

RockyLinux 8 : bind (RLSA-2025:19835)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:19835 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 Tenable has extracted the preceding description block directly from the RockyLinux security...

AlmaLinux 8 : bind (ALSA-2025:19835)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:19835 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 Tenable has extracted the preceding description block directly from the AlmaLinux security...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2025-1255)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1255 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.This issue affects BIND 9 versions 9.11.0 throug...

RHEL 10 : bind (RHSA-2025:19912)

"The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19912 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

SUSE SLES12 Security Update : bind (SUSE-SU-2025:3976-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:3976-1 advisory. - CVE-2025-40778: Address various spoofing attacks bsc1252379. Tenable has extracted the preceding description block directly from the SUSE security...

AZL-70513 CVE-2025-52565 affecting package buildah 1.18.0-29

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

AZL-70589 CVE-2025-52565 affecting package kubernetes for versions less than 1.30.10-16

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

AZL-69821 CVE-2025-52565 affecting package moby-runc for versions less than 1.2.8-1

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVE-2025-52565

CVE-2025-52565 affects moby-runc (and thus the runc runtime) with versions less than 1.2.8-1. Affected component is the bind-mount of /dev/pts/$n to /dev/console, leading to container escapes or denial of service via writable gadget exposure. The connected MARINER advisories confirm an upgraded p...

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVE-2025-52565 container escape due to /dev/console mount and related races

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVE-2025-52565 container escape due to /dev/console mount and related races

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...