3 matches found
CVE-2025-62161
Summary: CVE-2025-62161 affects Youki container runtime prior to v0.5.7, where the initial validation of the host path /dev/null is insufficient when Youki bind-mounts the container’s /dev/null as a mask. This race/validation flaw can enable container escape under bind-mmount scenarios. Root caus...
CVE-2025-54867
Youki (Rust-based container runtime) before v0.5.5 is vulnerable: if /proc and /sys in the rootfs are symbolic links, an attacker with local access could potentially gain access to the host root filesystem. Root cause: improper handling of symbolic links in rootfs; impact: high (host filesystem a...
CVE-2025-62596
Youki container runtime (Rust) versions ≤ 0.5.6 are affected by a vulnerability in apparmor write-target validation combined with path substitution during pathname resolution. A shared-mount race can substitute intermediate path components, allowing writes to unintended procfs locations and poten...