Lucene search
K

491 matches found

RedHat Linux
RedHat Linux
added 2025/11/13 10:51 a.m.13 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00523EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/13 9:10 a.m.3 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00523EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/13 9:10 a.m.6 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7.1AI score0.00523EPSS
Exploits1References2
OSV
OSV
added 2025/11/13 12:0 a.m.6 views

ALSA-2025:21220 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: runc: container escape and denial of service due to arbitrary write gadgets and procfs...

7.5CVSS6.9AI score0.00523EPSS
Exploits1References4
OSV
OSV
added 2025/11/13 12:0 a.m.5 views

ALSA-2025:21232 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mount and...

8.4CVSS6.8AI score0.0067EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

SUSE SLES15 Security Update : podman (SUSE-SU-2025:4079-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4079-1 advisory. - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252376 - CVE-2025-52565: Fixed...

8.4CVSS6.9AI score0.0067EPSS
Exploits4References9
AlmaLinux
AlmaLinux
added 2025/11/13 12:0 a.m.6 views

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mount and...

8.4CVSS6.9AI score0.0067EPSS
Exploits4References8
SUSE Linux
SUSE Linux
added 2025/11/12 12:49 p.m.25 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252376 CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252376 CVE-2025-52881: Fixed...

7.8CVSS6.8AI score0.0067EPSS
Exploits4References10
OSV
OSV
added 2025/11/12 12:49 p.m.3 views

SUSE-SU-2025:4081-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252376 - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252376 - CVE-2025-52881: Fixed...

8.4CVSS6.8AI score0.0067EPSS
Exploits4References6
SUSE Linux
SUSE Linux
added 2025/11/12 12:49 p.m.4 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252376 CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252376 CVE-2025-52881: Fixed...

7.8CVSS6.9AI score0.0067EPSS
Exploits4References12
SUSE Linux
SUSE Linux
added 2025/11/12 12:48 p.m.15 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252376 CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252376 CVE-2025-52881: Fixed...

7.8CVSS6.9AI score0.0067EPSS
Exploits4References10
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990739)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990739 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsiprochostdirrm decreases a referenc...

5.5CVSS6AI score0.00166EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/11 3:7 p.m.7 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00523EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2025/11/09 9:2 a.m.3 views

runc: LSM labels can be bypassed with malicious config using dummy procfs files

...

7.5CVSS6.9AI score0.00523EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/11/07 6:11 p.m.18 views

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.4CVSS7.1AI score0.0067EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2025/11/07 12:19 a.m.13 views

CVE-2025-62596

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...

10CVSS6.6AI score0.00243EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.3 views

SUSE SLES12 Security Update : runc (SUSE-SU-2025:3951-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3951-1 advisory. - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. - CVE-2025-52565: Fixed container...

8.4CVSS6.9AI score0.0067EPSS
Exploits4References8
AlmaLinux
AlmaLinux
added 2025/11/07 12:0 a.m.4 views

Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mou...

8.4CVSS7AI score0.0067EPSS
Exploits4References8
OSV
OSV
added 2025/11/06 9:15 p.m.8 views

AZL-69824 CVE-2025-52881 affecting package moby-runc for versions less than 1.2.8-1

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.5CVSS6.9AI score0.00523EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/11/06 8:23 p.m.3 views

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.5CVSS6.3AI score0.00523EPSS
Exploits1
Rows per page
Query Builder