runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

Astra Linux – Vulnerability in runc-app

Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2, and 1.4.0-rc.2, an attacker can trick runc into redirecting write operations to /proc to other procfs files by using a racing container with shared mounts. We have also verified th...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2025:21232)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21232 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/conso...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

Important: runc

Issue Overview: A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this...

runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration

A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections...

runc: incorrect handling of inheritable capabilities

A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

Exploit for OS Command Injection in Docker

This is a PoC Proof of Concept exploit for CVE-2019-5736, a vulnerability in the runc binary of the Docker container runtime. The exploit is implemented in Go and is designed to overwrite the runc binary on the host system from within a container. The exploit works by overwriting the /bin/sh bina...

runc: incorrect handling of inheritable capabilities

A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

UBUNTU-CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

runc: Execution of malicious containers allows for container escape and access to host filesystem

A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system...

RSAC 2019: Container Escape Hack Targets Vulnerable Linux Kernel

Researchers at CyberArk have created a proof-of-concept attack that allows adversaries to bypass container security, escape the container and compromise an entire host system. However, the attack scenario is limited, in that a successful attack depends on unpatched vulnerabilities to be present i...

runc: Execution of malicious containers allows for container escape and access to host filesystem

A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system...

runc: Execution of malicious containers allows for container escape and access to host filesystem

A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system...

runc: Execution of malicious containers allows for container escape and access to host filesystem

A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system...