rpm package
suse/runc&distro=SUSE Enterprise Storage 7.1
pkg:rpm/suse/runc&distro=SUSE%20Enterprise%20Storage%207.1
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-52881 | — | < 1.2.7-150000.80.1 | 1.2.7-150000.80.1 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have | ||
| CVE-2025-52565 | — | < 1.2.7-150000.80.1 | 1.2.7-150000.80.1 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta | ||
| CVE-2025-31133 | — | < 1.2.7-150000.80.1 | 1.2.7-150000.80.1 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container | ||
| CVE-2024-45310 | — | < 1.1.14-150000.70.1 | 1.1.14-150000.70.1 | Sep 3, 2024 | runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between | ||
| CVE-2024-21626 | — | < 1.1.11-150000.58.1 | 1.1.11-150000.58.1 | Jan 31, 2024 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h | ||
| CVE-2023-25809 | — | < 1.1.5-150000.41.1 | 1.1.5-150000.41.1 | Mar 29, 2023 | runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does n | ||
| CVE-2023-28642 | — | < 1.1.5-150000.41.1 | 1.1.5-150000.41.1 | Mar 29, 2023 | runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibitin | ||
| CVE-2023-27561 | — | < 1.1.5-150000.41.1 | 1.1.5-150000.41.1 | Mar 3, 2023 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this is | ||
| CVE-2022-31030 | — | < 1.1.3-150000.30.1 | 1.1.3-150000.30.1 | Jun 6, 2022 | containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a | ||
| CVE-2022-1996 | — | < 1.1.10-150000.55.1 | 1.1.10-150000.55.1 | Jun 6, 2022 | Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. | ||
| CVE-2022-29162 | — | < 1.1.3-150000.30.1 | 1.1.3-150000.30.1 | May 17, 2022 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme |
- CVE-2025-52881Nov 6, 2025affected < 1.2.7-150000.80.1fixed 1.2.7-150000.80.1
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have
- CVE-2025-52565Nov 6, 2025affected < 1.2.7-150000.80.1fixed 1.2.7-150000.80.1
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta
- CVE-2025-31133Nov 6, 2025affected < 1.2.7-150000.80.1fixed 1.2.7-150000.80.1
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container
- CVE-2024-45310Sep 3, 2024affected < 1.1.14-150000.70.1fixed 1.1.14-150000.70.1
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between
- CVE-2024-21626Jan 31, 2024affected < 1.1.11-150000.58.1fixed 1.1.11-150000.58.1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h
- CVE-2023-25809Mar 29, 2023affected < 1.1.5-150000.41.1fixed 1.1.5-150000.41.1
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does n
- CVE-2023-28642Mar 29, 2023affected < 1.1.5-150000.41.1fixed 1.1.5-150000.41.1
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibitin
- CVE-2023-27561Mar 3, 2023affected < 1.1.5-150000.41.1fixed 1.1.5-150000.41.1
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this is
- CVE-2022-31030Jun 6, 2022affected < 1.1.3-150000.30.1fixed 1.1.3-150000.30.1
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a
- CVE-2022-1996Jun 6, 2022affected < 1.1.10-150000.55.1fixed 1.1.10-150000.55.1
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
- CVE-2022-29162May 17, 2022affected < 1.1.3-150000.30.1fixed 1.1.3-150000.30.1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme