CVE-2025-62161 youki container escape via "masked path" abuse due to mount race conditions

Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...

EUVD-2025-37939

Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...

GHSA-4G74-7CFF-XCV8 youki container escape via "masked path" abuse due to mount race conditions

Impact youki utilizes bind mounting the container's /dev/null as a file mask. When performing this operation, the initial validation of the source /dev/null was insufficient. Specifically, we initially failed to verify whether /dev/null was genuinely present. However, we did perform validation to...

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container. An attacker can gain unauthorized write access to sensitive files within the container environment by...

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container. An attacker can gain unauthorized write access to sensitive files within the container environment by...

GHSA-QW9X-CQR3-WC7R runc container escape with malicious config due to /dev/console mount and related races

Impact This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target namely, the bind-mount of /dev/pts/$n to /dev/console as configured for all containers that allocate a console. In runc version 1.0.0-rc3 and later...

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following via a race condition in the maskedPaths feature. An attacker can gain unauthorized access to host files, execute arbitrary code with elevated privileges, or cause a denial of service by manipulatin...

GHSA-9493-H29P-RFM2 runc container escape via "masked path" abuse due to mount race conditions

Impact The OCI runtime specification has a maskedPaths feature that allows for files or directories to be "masked" by placing a mount on top of them to conceal their contents. This is primarily intended to protect against privileged users in non-user-namespaced from being able to write to files o...

Security update for runc

This update for runc fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. CVE-2025-52881: Fixed...

SUSE-SU-2025:3951-1 Security update for runc

This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. - CVE-2025-52881: Fixed...

Security update for runc

This update for runc fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. CVE-2025-52881: Fixed...

UBUNTU-CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVE-2025-31133

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988875 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasdaliasgetstartdev due to missing pavgroup Fix Oops in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989572)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989572 advisory. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh masterdev/mops in rtnlnewlink While looking at one unrelated syzb...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989892)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989892 advisory. In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip6mrfreetable on failure path ip6mrfreetable can only be...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988775 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ACPI: utils: Fix reference counting in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989755 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADFDEVRESETSYNC memory leak Using completiondone to determine whether the calle...

PT-2025-45166

Name of the Vulnerable Software and Affected Versions Youki versions 0.5.6 and below Description Youki is a container runtime written in Rust. Insufficient initial validation of the /dev/null source allows for container escape when bind mounting the container's /dev/null as a file mask. This occu...