UBUNTU-CVE-2025-52881
- Source
- https://ubuntu.com/security/CVE-2025-52881
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-52881.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-52881
- Upstream
- Downstream
- Related
- Published
- 2025-11-05T09:00:00Z
- Modified
- 2025-11-13T05:30:23Z
- Severity
-
- 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Ubuntu - high
- Summary
- [none]
- Details
-
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
- References
Affected packages
Ubuntu:20.04:LTS
runc
Package
- Name
- runc
- Purl
- pkg:deb/ubuntu/runc@1.1.7-0ubuntu1~20.04.5?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.0.0~rc8+git20190923.3e425f80-0ubuntu1
1.0.0~rc10-0ubuntu1
1.0.0~rc93-0ubuntu1~20.04.1
1.0.0~rc93-0ubuntu1~20.04.2
1.0.0~rc95-0ubuntu1~20.04.1
1.0.0~rc95-0ubuntu1~20.04.2
1.0.1-0ubuntu2~20.04.1
1.1.0-0ubuntu1~20.04.1
1.1.0-0ubuntu1~20.04.2
1.1.4-0ubuntu1~20.04.1
1.1.4-0ubuntu1~20.04.2
1.1.4-0ubuntu1~20.04.3
1.1.7-0ubuntu1~20.04.1
1.1.7-0ubuntu1~20.04.2
1.1.7-0ubuntu1~20.04.4
1.1.7-0ubuntu1~20.04.5
runc-app
Ubuntu:22.04:LTS
runc
Package
- Name
- runc
- Purl
- pkg:deb/ubuntu/runc@1.1.7-0ubuntu1~22.04.6?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
runc-app
Ubuntu:24.04:LTS
runc
Package
- Name
- runc
- Purl
- pkg:deb/ubuntu/runc@1.1.12+ds1-2ubuntu1.3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
runc-app
Package
- Name
- runc-app
- Purl
- pkg:deb/ubuntu/runc-app@1.3.3-0ubuntu1~24.04.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.3-0ubuntu1~24.04.2
Ubuntu:25.04
runc
Package
- Name
- runc
- Purl
- pkg:deb/ubuntu/runc@1.1.15+ds1-2ubuntu1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
runc-app
Ubuntu:25.10
runc
runc-app
runc-stable
Ubuntu:Pro:16.04:LTS
runc
Package
- Name
- runc
- Purl
- pkg:deb/ubuntu/runc@1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.0.8+dfsg-2
0.1.1-0ubuntu5~16.04
1.*
1.0.0~rc1-0ubuntu1~16.04
1.0.0~rc1-0ubuntu2~16.04.1
1.0.0~rc1-0ubuntu2~16.04.1.1
1.0.0~rc2-0ubuntu2~16.04.1
1.0.0~rc2+docker1.12.6-0ubuntu1~16.04.1
1.0.0~rc2+docker1.13.1-0ubuntu1~16.04.1
1.0.0~rc2+docker1.13.1-0ubuntu1~16.04.2
1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.3
1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4
1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm1
1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2
1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4",
"binary_name": "golang-github-opencontainers-runc-dev"
},
{
"binary_version": "1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4",
"binary_name": "runc"
}
],
"priority_reason": "runc developers have rated this as being high severity"
}Ubuntu:Pro:18.04:LTS
runc
Package
- Name
- runc
- Purl
- pkg:deb/ubuntu/runc@1.1.4-0ubuntu1~18.04.2+esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.0.0~rc2+docker1.13.1-0ubuntu1
1.0.0~rc4+dfsg1-2
1.0.0~rc4+dfsg1-6
1.0.0~rc4+dfsg1-6ubuntu0.18.04.1
1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.1
1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.2
1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.2+esm1
1.0.0~rc10-0ubuntu1~18.04.1
1.0.0~rc10-0ubuntu1~18.04.2
1.0.0~rc93-0ubuntu1~18.04.1
1.0.0~rc93-0ubuntu1~18.04.2
1.0.0~rc95-0ubuntu1~18.04.1
1.0.0~rc95-0ubuntu1~18.04.2
1.0.1-0ubuntu2~18.04.1
1.1.0-0ubuntu1~18.04.1
1.1.4-0ubuntu1~18.04.1
1.1.4-0ubuntu1~18.04.2
1.1.4-0ubuntu1~18.04.2+esm1