Search: LinuxfoundationRunc
16 matches found

CVE-2024-21626
added 2024/01/31 9:31 p.m. | 844 views

CVE-2024-21626 affects runc prior to 1.1.12. runc leaked an internal file descriptor (a handle on the host's /sys/fs/cgroup) into the container's initial process, so a process started by runc exec or runc run could be given a working directory of /proc/self/fd/<n> and walk out of the container into the host filesystem. The CVE description specifies attacks that could overwrite host binaries and escape to the host filesystem. ...

CVSS 8.6 | AI score 6.6 | EPSS 0.16775 | In wild
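Two checks a practitioner would want for the CVE-2024-21626 pattern, written here as an added example rather than code from runc or the vulnerability database: a scan of an OCI config.json for a process.cwd (or argument) that walks through /proc/self/fd/<n>, and a scan of an fd directory for descriptors that point into /sys/fs/cgroup, which is the handle a vulnerable runc leaked. The config fragment is constructed for the example; the function names are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// procFD matches a working directory that walks through a process's fd table,
// e.g. /proc/self/fd/7 or /proc/self/fd/7/../../.. (the CVE-2024-21626 primitive).
var procFD = regexp.MustCompile(`^/proc/(self|thread-self|[0-9]+)/fd/[0-9]+(/|$)`)

// SuspiciousCwd reports whether cwd starts inside a /proc/<pid>/fd/<n> entry.
func SuspiciousCwd(cwd string) bool { return procFD.MatchString(cwd) }

// ociProcess is the subset of an OCI runtime config.json this check needs.
type ociProcess struct {
	Cwd  string   `json:"cwd"`
	Args []string `json:"args"`
}

type ociConfig struct {
	Process ociProcess `json:"process"`
}

// CheckOCIConfig flags a process.cwd or process.args entry that references a
// process fd table; an image WORKDIR of /proc/self/fd/<n> is how runc run was abused.
func CheckOCIConfig(data []byte) ([]string, error) {
	var cfg ociConfig
	if err := json.Unmarshal(data, &cfg); err != nil {
		return nil, err
	}
	var findings []string
	if SuspiciousCwd(cfg.Process.Cwd) {
		findings = append(findings, "process.cwd walks through a /proc fd: "+cfg.Process.Cwd)
	}
	for _, a := range cfg.Process.Args {
		if strings.Contains(a, "/proc/self/fd/") || strings.Contains(a, "/proc/thread-self/fd/") {
			findings = append(findings, "process.args references a /proc fd: "+a)
		}
	}
	return findings, nil
}

// ScanFDDir lists entries of an fd directory (normally /proc/self/fd) whose link
// target lies under the host cgroup tree, the handle a vulnerable runc leaked.
func ScanFDDir(dir string) ([]string, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	var leaked []string
	for _, e := range entries {
		target, err := os.Readlink(filepath.Join(dir, e.Name()))
		if err != nil {
			continue // fd closed between ReadDir and Readlink, or not a link
		}
		if target == "/sys/fs/cgroup" || strings.HasPrefix(target, "/sys/fs/cgroup/") {
			leaked = append(leaked, e.Name()+" -> "+target)
		}
	}
	return leaked, nil
}

// SampleConfig is a constructed config.json fragment, not a real image's config.
const SampleConfig = `{
  "ociVersion": "1.0.2",
  "process": {
    "cwd": "/proc/self/fd/7/../../..",
    "args": ["sh", "-c", "cat /proc/self/fd/7/../../../etc/shadow"]
  }
}`

func main() {
	findings, err := CheckOCIConfig([]byte(SampleConfig))
	if err != nil {
		fmt.Println("config:", err)
		os.Exit(1)
	}
	for _, f := range findings {
		fmt.Println("config:", f)
	}
	leaked, err := ScanFDDir("/proc/self/fd")
	if err != nil {
		fmt.Println("fd scan skipped:", err)
		return
	}
	fmt.Printf("fds pointing into /sys/fs/cgroup: %v\n", leaked)
}
```

Run inside a container to see whether the runtime in use leaks the cgroup handle into the init process; an empty list from ScanFDDir on a patched runc is the expected result, and the config check is the admission-time counterpart for images whose WORKDIR was set by an untrusted party.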
CVE-2019-5736
added 2019/02/11 12:0 a.m. | 774 views

CVE-2019-5736 affects runc through 1.0-rc6, as shipped in Docker before 18.09.2 and other products. An attacker who can execute a command as root inside a container (a new container started from an attacker-controlled image, or an existing container the attacker previously had write access to and that is attached with docker exec) can overwrite the host runc binary through /proc/self/exe and thereby obtain host root. Root cause: file-descriptor mishandling in runc related to /proc/self/exe. Affected versio...

CVSS 9.3 | AI score 8.8 | EPSS 0.9589 | In wild
CVE-2022-24769
added 2022/03/24 12:0 a.m. | 551 views

CVE-2022-24769 affects Moby (Docker Engine) before 20.10.14. Containers were started with a non-empty inheritable Linux capability set, so a program carrying inheritable file capabilities could raise those capabilities into its permitted set during execve, potentially impacting containers using Linu...

CVSS 5.9 | AI score 6.5 | EPSS 0.00492
CVE-2021-30465
added 2021/05/27 12:0 a.m. | 543 views

CVE-2021-30465 affects runc before 1.0.0-rc95 and allows a container filesystem breakout via directory traversal. The attack is a symlink exchange that relies on a race condition: a mount target inside the container rootfs is swapped for a symlink between the time runc resolves the path and the time the mount is performed. To exploit it an attacker must be able to create multiple containers with a fairly specific mount configuration. Debian LTS and various Linux distributors list fixes and u...

CVSS 8.5 | AI score 8.2 | EPSS 0.06604
CVE-2019-19921
added 2020/02/12 12:0 a.m. | 477 views

CVE-2019-19921 affects runc through 1.0.0-rc9: incorrect access control in libcontainer/rootfs_linux.go allows escalation of privileges. Exploitation requires an attacker who can spawn two containers with custom volume-mount configurations and run custom images; Docker was not affected because an implementation detail happens to block the attack. The connected documents reference related advisories but give no further detail on root cause or fixes. CVE-2023-27561 below is a regression of this issue.

CVSS 7 | AI score 7 | EPSS 0.00457
CVE-2023-27561
added 2023/03/03 12:0 a.m. | 476 views

CVE-2023-27561 affects runc: a race condition in volume mounts between two containers with shared mounts can enable escalation of privileges via libcontainer/rootfs_linux.go. The issue is a regression of CVE-2019-19921 and requires two containers with custom volume-mount configurations and cus...

CVSS 7 | AI score 6.8 | EPSS 0.00448
CVE-2022-29162
added 2022/05/17 12:0 a.m. | 452 views

CVE-2022-29162 affects runc prior to version 1.1.2, where runc exec --cap could create processes with a non-empty inheritable Linux capability set, allowing a binary that carries inheritable file capabilities to raise them into its permitted set during execve. The issue does not affect the container sandbox since the inheritable set is bounded by the ...

CVSS 7.8 | AI score 6.8 | EPSS 0.00386
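CVE-2022-24769 and CVE-2022-29162 above are the same class of bug seen from the engine and from the runtime, and the audit for both is the same: read the Cap* lines of /proc/<pid>/status and see whether the inheritable set is non-empty, since on execve a binary's inheritable file capabilities land in the new permitted set only where they intersect the process's inheritable set. The following is an added example, not code from runc or Moby; the two status excerpts are constructed (the vulnerable one shows Docker's default capability mask in every set) and the type and function names are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// capNames maps Linux capability numbers to names (CAP_CHOWN = 0 .. CAP_CHECKPOINT_RESTORE = 40).
var capNames = []string{
	"chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
	"setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
	"net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
	"sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
	"sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
	"sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
	"setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
	"block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
}

// CapSets holds the hex bitmasks a /proc/<pid>/status file reports.
type CapSets struct {
	Inh, Prm, Eff, Bnd uint64
}

// ParseCapSets extracts CapInh/CapPrm/CapEff/CapBnd from status text.
func ParseCapSets(status string) (CapSets, error) {
	var cs CapSets
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		key, val, ok := strings.Cut(sc.Text(), ":")
		if !ok {
			continue
		}
		var dst *uint64
		switch key {
		case "CapInh":
			dst = &cs.Inh
		case "CapPrm":
			dst = &cs.Prm
		case "CapEff":
			dst = &cs.Eff
		case "CapBnd":
			dst = &cs.Bnd
		default:
			continue
		}
		v, err := strconv.ParseUint(strings.TrimSpace(val), 16, 64)
		if err != nil {
			return cs, fmt.Errorf("%s: %w", key, err)
		}
		*dst = v
	}
	return cs, sc.Err()
}

// Names expands a capability bitmask into names; unknown bits are reported by number.
func Names(mask uint64) []string {
	var out []string
	for i := 0; i < 64; i++ {
		if mask&(uint64(1)<<uint(i)) == 0 {
			continue
		}
		if i < len(capNames) {
			out = append(out, capNames[i])
		} else {
			out = append(out, "cap_"+strconv.Itoa(i))
		}
	}
	return out
}

// Finding summarises what the inheritable set lets an execve'd binary gain.
type Finding struct {
	InheritableNonEmpty bool
	GainableViaFileCaps []string // P(inheritable) & F(inheritable) joins P'(permitted) on execve
	OutsideBounding     []string // inheritable bits not in the bounding set: a real sandbox breakout
}

func Audit(cs CapSets) Finding {
	return Finding{
		InheritableNonEmpty: cs.Inh != 0,
		GainableViaFileCaps: Names(cs.Inh),
		OutsideBounding:     Names(cs.Inh &^ cs.Bnd),
	}
}

// Constructed status excerpts: a pre-fix container (Docker's default 14 caps in every set)
// and a fixed one (inheritable cleared). Not captured from a real system.
const VulnerableStatus = "Name:\tsh\nCapInh:\t00000000a80425fb\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"
const HardenedStatus = "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"

func main() {
	for _, s := range []string{VulnerableStatus, HardenedStatus} {
		cs, err := ParseCapSets(s)
		if err != nil {
			fmt.Println(err)
			os.Exit(1)
		}
		fmt.Printf("%+v\n", Audit(cs))
	}
	if b, err := os.ReadFile("/proc/self/status"); err == nil {
		cs, _ := ParseCapSets(string(b))
		fmt.Printf("this process: %+v\n", Audit(cs))
	}
}
```

The OutsideBounding field is the distinction the runc advisory draws: runc's own configuration never puts a bit in the inheritable set that is absent from the bounding set, so the bug widens what file capabilities can grant but not what the sandbox was configured to allow.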
CVE-2023-25809
added 2023/03/29 6:22 p.m. | 404 views

CVE-2023-25809 affects rootless runc (and certain host configurations): rootless runc makes /sys/fs/cgroup writable under two conditions: 1) inside a user namespace without unsharing the cgroup namespace (e.g., docker/podman/nerdctl run --cgroupns=host), or 2) outside the user namespace with ...

CVSS 6.3 | AI score 6.6 | EPSS 0.00327
CVE-2023-28642
added 2023/03/29 6:15 p.m. | 401 views

CVE-2023-28642 affects runc (fixed in 1.1.5): AppArmor confinement can be bypassed when /proc inside the container is a symlink under a specific mount configuration, enabling an attacker with local access to bypass confinement. The ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00343
CVE-2019-16884
added 2019/09/25 12:0 a.m. | 344 views

CVE-2019-16884 affects runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and similar products: libcontainer/rootfs_linux.go incorrectly checks mount targets, so a malicious image can mount over the container's /proc directory and bypass AppArmor (and SELinux) restrictions. This arises from an incorrect check...

CVSS 7.5 | AI score 7.5 | EPSS 0.04373
CVE-2024-45310
added 2024/09/03 7:7 p.m. | 319 views

CVE-2024-45310 affects runc 1.1.13 and earlier and 1.2.0-rc2 and earlier, where sharing a volume between two containers can trigger a race with os.MkdirAll that creates empty files or directories at arbitrary host paths. An attacker must be able to start containers with a custom volume configuration...

CVSS 3.6 | AI score 3.6 | EPSS 0.00317
CVE-2021-43784
added 2021/12/06 12:0 a.m. | 232 views

CVE-2021-43784 affects runc prior to 1.0.3. The in-memory netlink "bytemsg" encoding used a 16-bit length field that could overflow, so an attacker who can influence the container configuration could craft a payload whose parsed contents override the netlink-based container configuration handed to runc's init process, including disabling namespaces. Impact: potential namespace bypass by...

CVSS 6 | AI score 6 | EPSS 0.01663
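What a 16-bit length overflow buys an attacker is easier to see in code than in the advisory text. The following is an added example, not runc's nsenter code: it uses a deliberately simplified attribute framing (16-bit total length, 16-bit type, then the value, little-endian and unpadded, whereas runc uses native byte order with netlink padding) and illustrative attribute type numbers that are not runc's. It shows the truncating encoder beside the checked one, and a constructed value sized so that the wrapped length makes the receiver parse attacker-supplied bytes as a new attribute that sets the clone flags to zero.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Simplified attribute framing in the spirit of runc's nsenter "bytemsg":
// a 16-bit total length (header included), a 16-bit type, then the value.
// Real runc uses native byte order and NLA padding; little-endian and no padding here.
const hdrLen = 4

// Illustrative attribute types; the real runc values differ.
const (
	attrHostname   uint16 = 0x7001
	attrCloneFlags uint16 = 0x7002
	attrPadding    uint16 = 0x7003
)

type Attr struct {
	Type  uint16
	Value []byte
}

// EncodeUnchecked mirrors the pre-1.0.3 bug: the length is silently truncated to 16 bits.
func EncodeUnchecked(a Attr) []byte {
	total := hdrLen + len(a.Value)
	buf := make([]byte, total)
	binary.LittleEndian.PutUint16(buf[0:2], uint16(total)) // wraps when total >= 65536
	binary.LittleEndian.PutUint16(buf[2:4], a.Type)
	copy(buf[hdrLen:], a.Value)
	return buf
}

// EncodeChecked is the fixed form: refuse any value the 16-bit field cannot describe.
func EncodeChecked(a Attr) ([]byte, error) {
	if hdrLen+len(a.Value) > math.MaxUint16 {
		return nil, fmt.Errorf("attribute %#x: value of %d bytes overflows 16-bit length", a.Type, len(a.Value))
	}
	return EncodeUnchecked(a), nil
}

// Decode walks the buffer the way the receiving side does, trusting each header's length.
func Decode(buf []byte) ([]Attr, error) {
	var out []Attr
	for len(buf) >= hdrLen {
		l := int(binary.LittleEndian.Uint16(buf[0:2]))
		t := binary.LittleEndian.Uint16(buf[2:4])
		if l < hdrLen || l > len(buf) {
			return out, fmt.Errorf("attribute %#x: bad length %d", t, l)
		}
		out = append(out, Attr{Type: t, Value: append([]byte(nil), buf[hdrLen:l]...)})
		buf = buf[l:]
	}
	if len(buf) != 0 {
		return out, errors.New("trailing bytes")
	}
	return out, nil
}

// CraftOversized builds a hostname value sized so the truncated header length becomes 8:
// the receiver then takes only 4 bytes as the hostname and parses the attacker's bytes
// that follow as a fresh attribute carrying cloneFlags (0 = no new namespaces), plus one
// padding attribute that swallows the rest so the message still decodes cleanly.
func CraftOversized(cloneFlags uint32) Attr {
	value := make([]byte, 65536+hdrLen) // total = 65544, uint16(65544) = 8
	copy(value[0:4], "box0")
	binary.LittleEndian.PutUint16(value[4:6], 8)
	binary.LittleEndian.PutUint16(value[6:8], attrCloneFlags)
	binary.LittleEndian.PutUint32(value[8:12], cloneFlags)
	rest := len(value) - 12 // 65528 bytes, fits in 16 bits
	binary.LittleEndian.PutUint16(value[12:14], uint16(rest))
	binary.LittleEndian.PutUint16(value[14:16], attrPadding)
	return Attr{Type: attrHostname, Value: value}
}

// Demonstrate returns what the vulnerable path decodes and the error the fixed path raises.
func Demonstrate() ([]Attr, error) {
	crafted := CraftOversized(0)
	parsed, err := Decode(EncodeUnchecked(crafted))
	if err != nil {
		return parsed, fmt.Errorf("unexpected decode failure: %w", err)
	}
	_, fixedErr := EncodeChecked(crafted)
	return parsed, fixedErr
}

func main() {
	parsed, fixedErr := Demonstrate()
	for _, a := range parsed {
		fmt.Printf("type=%#x len=%d\n", a.Type, len(a.Value))
	}
	fmt.Println("checked encoder:", fixedErr)
}
```

The vulnerable path yields three attributes where one was sent, and the second is entirely attacker-authored; the checked encoder rejects the value before any framing is written, which is the shape of the upstream fix. The precondition matches the advisory: the attacker needs enough control over the container configuration to supply a value longer than 64 KiB.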
CVE-2025-31133
added 2025/11/06 6:47 p.m. | 118 views

CVE-2025-31133 (runc): runc masks sensitive paths by bind-mounting /dev/null over them, but it did not verify that the /dev/null it took as the mount source from the container rootfs was the real character device, so a symlink or file planted at that path could redirect the bind mount. Affected versions include 1.2.7 and earlier, 1.3.0-rc.1 through 1.3.1, and 1.4.0-rc.1 and 1.4.0-rc.2. The issue enables an attacker to pe...

CVSS 7.8 | AI score 6.3 | EPSS 0.00673
CVE-2016-3697
added 2016/06/01 8:0 p.m. | 98 views

CVE-2016-3697 affects libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2. A numeric UID supplied as the user is also treated as a potential username, so a password file inside the container containing an entry whose name is that number can redirect the lookup to a different (e.g. root) UID, enabling local privilege escalation. The issue is tied to the runC/opencontainers code path (libcontainer) and allo...

CVSS 7.8 | AI score 7.4 | EPSS 0.00388
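The lookup mistake behind CVE-2016-3697 is a one-line matching rule, so the vulnerable rule beside the corrected one is the clearest way to show it. This is an added example, not libcontainer's user package: the passwd parser is a minimal one, the three-row passwd file is constructed (the second row is named "1000" but owns uid 0), group resolution is left out, and the function names are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// User is one /etc/passwd entry: name:password:uid:gid:gecos:home:shell.
type User struct {
	Name  string
	Uid   int
	Gid   int
	Home  string
	Shell string
}

// ParsePasswd parses passwd-format text, skipping blank lines, comments and malformed rows.
func ParsePasswd(text string) []User {
	var users []User
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) != 7 {
			continue
		}
		uid, err1 := strconv.Atoi(f[2])
		gid, err2 := strconv.Atoi(f[3])
		if err1 != nil || err2 != nil {
			continue
		}
		users = append(users, User{Name: f[0], Uid: uid, Gid: gid, Home: f[5], Shell: f[6]})
	}
	return users
}

// ResolveVulnerable mirrors the pre-fix matching: a user spec is compared against
// both the name column and the numeric uid, so a passwd row whose name is "1000"
// is accepted for the spec "1000" even though its uid is 0.
func ResolveVulnerable(users []User, spec string) (User, bool) {
	for _, u := range users {
		if u.Name == spec || strconv.Itoa(u.Uid) == spec {
			return u, true
		}
	}
	return User{}, false
}

// ResolveFixed: a spec that parses as an integer is a uid and only ever matches the uid
// column; if no row has that uid the numeric uid is used as-is. Names never match digits.
func ResolveFixed(users []User, spec string) (User, bool) {
	if uid, err := strconv.Atoi(spec); err == nil {
		for _, u := range users {
			if u.Uid == uid {
				return u, true
			}
		}
		return User{Uid: uid, Home: "/"}, true // unknown numeric user still runs as that uid
	}
	for _, u := range users {
		if u.Name == spec {
			return u, true
		}
	}
	return User{}, false
}

// MaliciousPasswd is a constructed image passwd: the second row is named "1000" but owns uid 0.
const MaliciousPasswd = `root:x:0:0:root:/root:/bin/sh
1000:x:0:0:looks like a uid:/root:/bin/sh
app:x:1000:1000:app:/home/app:/bin/sh
`

func main() {
	users := ParsePasswd(MaliciousPasswd)
	v, _ := ResolveVulnerable(users, "1000")
	f, _ := ResolveFixed(users, "1000")
	fmt.Printf("--user 1000, vulnerable lookup: uid=%d (%s)\n", v.Uid, v.Name)
	fmt.Printf("--user 1000, fixed lookup:      uid=%d (%s)\n", f.Uid, f.Name)
}
```

The row order matters for the vulnerable rule only because the first match wins; an image author controls both the order and the names, which is why a numeric --user was not a safe way to drop privileges on an untrusted image.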
CVE-2025-52881
added 2025/11/06 8:23 p.m. | 73 views

CVE-2025-52881 affects runc 1.2.7 and earlier, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2. The issue lets an attacker redirect runc's writes to /proc to other procfs files via a racing container with shared mounts (verified in Dockerfile-based parallel builds). This can enable container escape with high impact. Fixed in 1.2.8, 1...

CVSS 7.5 | AI score 6.4 | EPSS 0.00526
CVE-2025-52565
added 2025/11/06 8:2 p.m. | 72 views

CVE-2025-52565 affects runc as packaged as moby-runc (versions less than 1.2.8-1) and the upstream runtime. runc bind-mounts the container's pty (/dev/pts/$n) onto /dev/console inside the rootfs without sufficiently verifying the target, so a crafted rootfs in which /dev/console is a symlink can steer the mount onto a sensitive path that should have been masked or read-only, leading to container escape or denial of service. The connected MARINER advisories confirm an upgraded p...

CVSS 8.4 | AI score 6.3 | EPSS 0.00526