CNNVD-202511-518 Information
CNNVD ID
CNNVD-202511-518
Related CVE
- CNNVD Published: 2025-11-06
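Description (translated from Chinese)
runc is an open-source CLI (command-line interface) tool from the Open Container Initiative for creating and running containers according to the OCI specification. runc 1.2.7 and earlier, versions 1.3.0-rc.1 through 1.3.1, and versions 1.4.0-rc.1 and 1.4.0-rc.2 contain a security vulnerability that stems from insufficient verification of the authenticity of bind-mount sources and may lead to host information disclosure, host denial of service, container escape, or a bypass of maskedPaths.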
Description (English)
runc is a CLI (command-line interface) tool for creating and running containers in accordance with the OCI specification. runc 1.2.7 and earlier, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 contain a vulnerability that results from insufficient verification of the authenticity of bind-mount sources, which may lead to host information disclosure, host denial of service, container escape, or a bypass of maskedPaths.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Open Container Initiative
Published
2025-11-06
Last Modified
2026-02-24
References
- https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522
- https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66
- https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2
- https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64
- https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-31133
- https://vigilance.fr/vulnerability/runc-privilege-escalation-via-Masked-Path-Mount-Race-48664
Patch
https://github.com/opencontainers/runc/releases