235 matches found
CVE-2025-31133
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...
AZL-70592 CVE-2025-31133 affecting package kubernetes for versions less than 1.30.10-16
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...
AZL-70547 CVE-2025-31133 affecting package kubernetes for versions less than 1.28.4-21
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...
AZL-69818 CVE-2025-31133 affecting package moby-runc for versions less than 1.2.8-1
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...
CVE-2025-31133 runc container escape via "masked path" abuse due to mount race conditions
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...
CVE-2025-31133
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...
CVE-2025-31133
CVE-2025-31133 (runc) affects the runc runtime when using certain bind-mount sources, where verification of the source inode for "/dev/null" could be bypassed. Affected versions include 1.2.7 and earlier, 1.3.0-rc.1 through 1.3.1, and 1.4.0-rc.1 and 1.4.0-rc.2. The issue enables an attacker to pe...
CVE-2025-31133
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...
CVE-2025-31133
A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...
CVE-2025-52565
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...
SUSE CVE-2025-31133
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...
SUSE CVE-2025-52565
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...
CVE-2025-62161
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...
CVE-2025-62161 youki container escape via "masked path" abuse due to mount race conditions
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...
youki container escape via "masked path" abuse due to mount race conditions
Impact youki utilizes bind mounting the container's /dev/null as a file mask. When performing this operation, the initial validation of the source /dev/null was insufficient. Specifically, we initially failed to verify whether /dev/null was genuinely present. However, we did perform validation to...
GHSA-QW9X-CQR3-WC7R runc container escape with malicious config due to /dev/console mount and related races
Impact This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target namely, the bind-mount of /dev/pts/$n to /dev/console as configured for all containers that allocate a console. In runc version 1.0.0-rc3 and later...
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container. An attacker can gain unauthorized write access to sensitive files within the container environment by...
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container. An attacker can gain unauthorized write access to sensitive files within the container environment by...
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container. An attacker can gain unauthorized write access to sensitive files within the container environment by...
runc container escape with malicious config due to /dev/console mount and related races
Impact This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target namely, the bind-mount of /dev/pts/$n to /dev/console as configured for all containers that allocate a console. In runc version 1.0.0-rc3 and later...