21 matches found
CVE-2026-41568
A flaw was found in the Moby container framework. A race condition during the docker cp mount setup allows a malicious container to create empty files or directories at arbitrary locations on the host filesystem. This vulnerability can lead to a denial of service by filling up disk space or...
SUSE CVE-2026-41568
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
CVE-2026-41568
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
GHSA-VP62-88P7-QQF5 Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
Summary A race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem. This advisory covers the race during mountpoint creation. The related race during the subsequent mount syscall is tracked in...
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
Summary A race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem. This advisory covers the race during mountpoint creation. The related race during the subsequent mount syscall is tracked in...
SUSE-SU-2026:20551-1 Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...
SUSE-SU-2026:0479-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container, virt-synchronization-controller-container
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container,...
Exploit for CVE-2025-9074
CVE-2025-9074 – Docker Desktop Windows Container→Host Write...
SUSE-SU-2025:02198-1 Security update for runc
This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host bsc1230092 Other fixes: - Update to runc v1.2.6...
Astra Linux – Vulnerability in runc-app
Runc is a CLI tool for spawning and running containers according to the OCI specification. Runc versions 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be exploited by creating empty files or directories in arbitrary locations within the host filesystem. This is achieved by sharing a...
CVE-2024-0134
...
SUSE CVE-2024-0134
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this...
AZL-52393 CVE-2024-0134 affecting package nvidia-container-toolkit for versions less than 1.17.1-1
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this...
AZL-48519 CVE-2024-45310 affecting package buildah for versions less than 1.41.4-2
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...
AZL-48567 CVE-2024-45310 affecting package buildah 1.18.0-29
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...
AZL-48525 CVE-2024-45310 affecting package cri-o 1.30.1-1
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...
runc 安全漏洞
runc is an Open Container Initiative open source CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc version 1.1.13 and earlier and version 1.2.0-rc2 and earlier, which stems from a contention condition ...
malicious container creates symlink "mtab" on the host External
Impact A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host. A workload built from this Dockerfile: FROM docker.io/library/busybox as source RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc FROM scratch...
PT-2023-9664
Name of the Vulnerable Software and Affected Versions NVIDIA Container Toolkit versions 1.16.1 or earlier Description The issue is related to the default mode of operation in NVIDIA Container Toolkit, allowing a specially crafted container image to create empty files on the host file system. This...
Wings 后置链接漏洞
Wings is the server control interface for Pterodactyl Panel. A backlink vulnerability exists in Wings v1.7.x prior to v1.7.3, and v1.11.x prior to v1.11.3, which stems from the ability to create new files and directory structures on the host system that did not previously exist, potentially...