Количество 49
Количество 49
openSUSE-SU-2025:20072-1
Security update for runc
SUSE-SU-2025:4081-1
Security update for podman
SUSE-SU-2025:4080-1
Security update for podman
SUSE-SU-2025:4079-1
Security update for podman
SUSE-SU-2025:4077-1
Security update for runc
SUSE-SU-2025:4073-2
Security update for runc
SUSE-SU-2025:4073-1
Security update for runc
SUSE-SU-2025:3951-1
Security update for runc
SUSE-SU-2025:3950-1
Security update for runc
RLSA-2025:21232
Important: container-tools:rhel8 security update
RLSA-2025:20957
Important: runc security update
ELSA-2025-21232
ELSA-2025-21232: container-tools:rhel8 security update (IMPORTANT)
ELSA-2025-20957
ELSA-2025-20957: runc security update (IMPORTANT)
ELSA-2025-19927
ELSA-2025-19927: runc security update (IMPORTANT)
CVE-2025-31133
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-31133
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-31133
runc container escape via "masked path" abuse due to mount race conditions
CVE-2025-31133
runc is a CLI tool for spawning and running containers according to th ...
GHSA-9493-h29p-rfm2
runc container escape via "masked path" abuse due to mount race conditions
BDU:2025-14041
Уязвимость функции maskedPaths инструмента для запуска изолированных контейнеров runc, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | openSUSE-SU-2025:20072-1 Security update for runc | около 2 месяцев назад | ||
| SUSE-SU-2025:4081-1 Security update for podman | 2 месяца назад | ||
| SUSE-SU-2025:4080-1 Security update for podman | 2 месяца назад | ||
| SUSE-SU-2025:4079-1 Security update for podman | 2 месяца назад | ||
| SUSE-SU-2025:4077-1 Security update for runc | 2 месяца назад | ||
| SUSE-SU-2025:4073-2 Security update for runc | около 2 месяцев назад | ||
| SUSE-SU-2025:4073-1 Security update for runc | 2 месяца назад | ||
| SUSE-SU-2025:3951-1 Security update for runc | 2 месяца назад | ||
| SUSE-SU-2025:3950-1 Security update for runc | 2 месяца назад | ||
 | RLSA-2025:21232 Important: container-tools:rhel8 security update | около 2 месяцев назад | ||
| RLSA-2025:20957 Important: runc security update | около 2 месяцев назад | ||
| ELSA-2025-21232 ELSA-2025-21232: container-tools:rhel8 security update (IMPORTANT) | 2 месяца назад | ||
| ELSA-2025-20957 ELSA-2025-20957: runc security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2025-19927 ELSA-2025-19927: runc security update (IMPORTANT) | 2 месяца назад | ||
 | CVE-2025-31133 runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3. | CVSS3: 7.8 | 0% Низкий | 2 месяца назад |
 | CVE-2025-31133 runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3. | CVSS3: 7.8 | 0% Низкий | 2 месяца назад |
 | CVE-2025-31133 runc container escape via "masked path" abuse due to mount race conditions | 0% Низкий | 2 месяца назад | |
| CVE-2025-31133 runc is a CLI tool for spawning and running containers according to th ... | CVSS3: 7.8 | 0% Низкий | 2 месяца назад |
| GHSA-9493-h29p-rfm2 runc container escape via "masked path" abuse due to mount race conditions | 0% Низкий | 2 месяца назад | |
 | BDU:2025-14041 Уязвимость функции maskedPaths инструмента для запуска изолированных контейнеров runc, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 8.2 | 0% Низкий | 2 месяца назад |
Уязвимостей на страницу