All news with #runc tag

High-severity runc bugs allow container breakouts via procfs

⚠ Three high-severity vulnerabilities in the runc container runtime allow attackers to escape containers and gain host-level privileges by abusing masked paths, console bind-mounts, and redirected writes to procfs. Aleksa Sarai of SUSE and the OCI described logic flaws that let runc mount or write to sensitive /proc targets, including /proc/sys/kernel/core_pattern and /proc/sysrq-trigger. Patches are available in runc 1.2.8, 1.3.3 and 1.4.0-rc.3; administrators should update promptly, favor rootless containers where feasible, and monitor for suspicious symlink behaviour.

Critical runC Vulnerabilities Allow Docker Container Escape

⚠️ Three newly disclosed vulnerabilities in runC (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) could allow attackers to bypass container isolation and obtain root write access on the host. The issues involve manipulated bind mounts and redirected writes to /proc, and one flaw affects runC releases back to 1.0.0-rc3. Patches are available in recent runC releases; administrators should update, monitor for suspicious symlink/mount activity, and consider enabling user namespaces or running rootless containers as mitigations.