CNNVD-202511-495 Information
CNNVD ID
CNNVD-202511-495
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
runc是Open Container Initiative开源的一款用于根据OCI规范生成和运行容器的CLI(命令行界面)工具。 runc 1.0.0-rc3版本至1.2.7版本、1.3.0-rc.1版本至1.3.2版本和1.4.0-rc.1版本至1.4.0-rc.2版本存在安全漏洞,该漏洞源于绑定挂载/dev/pts/$n到/dev/console时检查不足,可能导致拒绝服务或容器逃逸。
Description (English)
Runc is a CLI (command line interface) tool for the generation and operation of containers in accordance with OCI specifications. Runc 1.0.0-rc3 to 1.2.7, 1.3.0-rc.1 to 1.3.2 and 1.4.0-rc.1 to 1.4.0-rc.2 have a security loophole, which results from inadequate inspection at bound mounted/dev/pts/$n to/dev/console, which may lead to the denial of services or escape of containers.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Open Container Initiative
Published
2025-11-06
Last Modified
2026-02-24
References
https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398 https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8 https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://vigilance.fr/vulnerability/runc-privilege-escalation-via-dev-console-Mount-48665 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-52565
Patch
https://github.com/opencontainers/runc/releases
Share on: