7 matches found
GO-2026-5761 Malicious image with /dev symlink can trigger limited host filesystem integrity violations in github.com/opencontainers/runc
Malicious image with /dev symlink can trigger limited host filesystem integrity violations in github.com/opencontainers/runc...
CVE-2026-41579
Technical details beyond the Initial Description are not provided in the connected documents; monitor for updates.
CVE-2026-41579
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...
CVE-2026-41579 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
Impact When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...
GHSA-XJVP-4FHW-GC47 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
Impact When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...
SUSE-SU-2026:22247-1 Security update for crun
This update for crun fixes the following issue - CVE-2026-47766: crun follows rootfs /dev symlink while creating default devices bsc1268302...