If you're using (edit: pretty much any, including k8s, docker, containerd) containers: congrats! You get to patch three new runc vulnerabilities that could allow for a full container break-out.

CVE-2025-31133: symlink attack on bind-mount of /dev/null for masked paths

github.com/opencontainers/runc

CVE-2025-52565: same as above, but for /dev/console / /dev/pts/$n

github.com/opencontainers/runc

CVE-2025-52881: rehash of CVE-2019-19921, writing LSM labels into a dummy tmpfs

github.com/opencontainers/runc
