Описание
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/bionic | ignored | backport too intrusive |
| esm-apps/noble | ignored | backport too intrusive |
| esm-apps/xenial | ignored | backport too intrusive |
| esm-infra/focal | ignored | backport too intrusive |
| jammy | ignored | backport too intrusive |
| noble | ignored | backport too intrusive |
| plucky | ignored | backport too intrusive |
| questing | ignored | backport too intrusive |
| upstream | released | 1.2.8,1.3.3,1.4.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.3.3-0ubuntu1 |
| esm-apps/focal | ignored | backport too intrusive |
| esm-apps/jammy | released | 1.3.3-0ubuntu1~22.04.2 |
| jammy | released | 1.3.3-0ubuntu1~22.04.2 |
| noble | released | 1.3.3-0ubuntu1~24.04.2 |
| plucky | released | 1.3.3-0ubuntu1~25.04.2 |
| questing | released | 1.3.3-0ubuntu1~25.10.2 |
| upstream | released | 1.2.8,1.3.3,1.4.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 1.3.3-0ubuntu1 |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| questing | released | 1.3.3-0ubuntu1~25.10.2 |
| trusty | DNE | |
| upstream | released | 1.2.8,1.3.3,1.4.1 |
| xenial | DNE |
Показывать по
EPSS
7.8 High
CVSS3
Связанные уязвимости
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
runc container escape via "masked path" abuse due to mount race conditions
runc is a CLI tool for spawning and running containers according to th ...
runc container escape via "masked path" abuse due to mount race conditions
Уязвимость функции maskedPaths инструмента для запуска изолированных контейнеров runc, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
7.8 High
CVSS3