Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-920)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-920 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum...
[SECURITY] Fedora 41 Update: containerd-1.7.27-1.fc41
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
USN-7374-1: containerd vulnerability
Benjamin Koltermann discovered that containerd incorrectly handled large user id values. This could result in containers possibly being run as root, contrary to expectations...
CVE-2024-40635 containerd has an integer overflow in User ID handling
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...
RLSA-2024:9200 Moderate: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788). For more details about the security issues, including the impact, a CVSS score,...
PT-2025-11557
Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.6.38; containerd versions prior to 1.7.27; containerd versions prior to 2.0.4. Description: A bug was found in containerd where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed...
cri-o: Checkpoint restore can be triggered from different namespaces
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...
[SECURITY] Fedora 40 Update: crun-1.20-2.fc40
crun is an OCI runtime...
CVE-2025-24965
crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...
CVE-2025-24965
CVE-2025-24965 affects crun, an OCI container runtime written in C. A malicious container image could abuse the krun handler to escape the container root filesystem and create or modify files on the host, requiring no special permissions beyond write access to the target file. Affected versions a...
CVE-2025-24965 .krun_config.json symlink attack creates or overwrites file on the host in crun
crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...
crun path traversal vulnerability
crun is an OCI (Open Container Initiative) container runtime library written in C from the open-source Containers project. A path traversal vulnerability exists in versions of crun prior to 1.20, which stems from the fact that a malicious container image could trick a krun handler into escaping the root...
cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting
A vulnerability was found in CRI-O. A path traversal issue in the log management functions UnMountPodLogs and LinkContainerLogs may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system...
[SECURITY] Fedora 40 Update: golang-github-nvidia-container-toolkit-1.17.3-1.fc40
The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to leverage NVIDIA GPUs...
[SECURITY] Fedora 41 Update: golang-github-nvidia-container-toolkit-1.17.3-1.fc41
The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to leverage NVIDIA GPUs...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-2979)
The remote host is missing an update for the Huawei EulerOS...
AZL-53540 CVE-2024-8676 affecting package cri-o 1.30.1-1
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...
CRI-O authorization issue vulnerability
CRI-O is a lightweight container runtime environment for Kubernetes systems open-sourced by CRI-O. CRI-O suffers from an authorization issue vulnerability that stems from allowing an attacker to trick CRI-O into restoring a pod that does not have access to the host mount...
Moderate: Red Hat Security Advisory: runc security update
An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...