Lucene search
K

492 matches found

Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.3 views

SUSE SLES12 Security Update : runc (SUSE-SU-2025:3951-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3951-1 advisory. - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. - CVE-2025-52565: Fixed container...

8.4CVSS6.9AI score0.0067EPSS
Exploits4References8
OSV
OSV
added 2025/11/06 9:15 p.m.8 views

AZL-69824 CVE-2025-52881 affecting package moby-runc for versions less than 1.2.8-1

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.5CVSS6.9AI score0.00523EPSS
Exploits1References1
CVE
CVE
added 2025/11/06 8:23 p.m.116 views

CVE-2025-52881

CVE-2025-52881 affects runc (versions 1.2.7, 1.3.2, 1.4.0-rc.2). The issue lets an attacker redirect writes to /proc to other procfs files via a racing container with shared mounts (verified in Dockerfile-based parallel builds). This can enable container escape with high impact. Fixed in 1.2.8, 1...

7.5CVSS6.4AI score0.00523EPSS
Exploits1References20Affected Software1
Cvelist
Cvelist
added 2025/11/06 8:23 p.m.15 views

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.3CVSS0.00523EPSS
Exploits1References20
AlpineLinux
AlpineLinux
added 2025/11/06 8:23 p.m.3 views

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.5CVSS6.3AI score0.00523EPSS
Exploits1
Debian CVE
Debian CVE
added 2025/11/06 8:23 p.m.5 views

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.5CVSS8.1AI score0.00523EPSS
Exploits1
OSV
OSV
added 2025/11/06 8:23 p.m.5 views

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.3CVSS8.7AI score0.00523EPSS
Exploits1References22
RedhatCVE
RedhatCVE
added 2025/11/06 6:23 a.m.5 views

CVE-2025-31133

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

8.2CVSS6.4AI score0.0067EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2025/11/06 6:23 a.m.5 views

CVE-2025-52881

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

8.2CVSS6.5AI score0.04409EPSS
Exploits2References4
NVD
NVD
added 2025/11/06 12:15 a.m.9 views

CVE-2025-62596

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...

10CVSS0.00243EPSS
Exploits0References5
CVE
CVE
added 2025/11/05 11:14 p.m.16 views

CVE-2025-62596

Youki container runtime (Rust) versions ≤ 0.5.6 are affected by a vulnerability in apparmor write-target validation combined with path substitution during pathname resolution. A shared-mount race can substitute intermediate path components, allowing writes to unintended procfs locations and poten...

10CVSS6.2AI score0.00243EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/05 11:14 p.m.5 views

CVE-2025-62596 youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...

7.3CVSS6.1AI score0.00243EPSS
Exploits0References5
OSV
OSV
added 2025/11/05 11:14 p.m.7 views

CVE-2025-62596 youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...

7.3CVSS6.7AI score0.00243EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/11/05 11:14 p.m.12 views

CVE-2025-62596 youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...

7.3CVSS0.00243EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/05 6:45 p.m.32 views

youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Impact youki’s apparmor handling performs insufficiently strict write-target validation, which—combined with path substitution during pathname resolution—can allow writes to unintended procfs locations. Weak write-target check youki only verifies that the destination lies somewhere under procfs. ...

10CVSS7AI score0.00243EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2025/11/05 6:40 p.m.4 views

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

8.2CVSS6.4AI score0.00523EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/05 6:40 p.m.2 views

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

8.2CVSS6.4AI score0.00523EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/05 6:40 p.m.1 views

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

8.2CVSS6.4AI score0.00523EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/05 6:40 p.m.2 views

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

8.2CVSS6.4AI score0.00523EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/05 6:40 p.m.1 views

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

8.2CVSS6.4AI score0.00523EPSS
Exploits1References3
Rows per page
Query Builder