Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Ubuntu 25.10 runC Important Security Fixes Denial of Service USN-7851-1

ubuntu
Calendar Grey November 5, 2025
Dist Ubuntu Esm H88
Several security fixes for runC in Ubuntu 22.04, 24.04, 25.04, and 25.10 prevent attacks on container paths.
Several security issues were fixed in runC.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in runC. Software Description: - runc-app: Open Container Project - runc-stable: Open Container Project Details: Lei Wang and Li Fubang discovered that runC incorrectly handled masked paths. An attacker could possibly replace a container's /dev/null with a symlink to some other procfs file and possibly escape a container. (CVE-2025-31133) Lei Wang and Li Fubang discovered that runC incorrectly handled the /dev/console bind-mounts. An attacker could potentially exploit this issue to build-mount a symlink and escape a container. (CVE-2025-52565) Li Fubang and Tõnis Tiigi discovered that the fix for CVE-2019-16884 was incomplete. An attacker could possibly use this issue to cause a denial of service or escape the container. (CVE-2025-52881)

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu important runc container escape

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 runc 1.3.3-0ubuntu1~25.10.2 runc-stable 1.3.3-0ubuntu1~25.10.2 Ubuntu 25.04 runc 1.3.3-0ubuntu1~25.04.2 Ubuntu 24.04 LTS runc 1.3.3-0ubuntu1~24.04.2 Ubuntu 22.04 LTS runc 1.3.3-0ubuntu1~22.04.2 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7851-1

CVE-2025-31133, CVE-2025-52565, CVE-2025-52881

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7851-1

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu important runc container escape

Package Information

https://launchpad.net/ubuntu/+source/runc-app/1.3.3-0ubuntu1~25.10.2 https://launchpad.net/ubuntu/+source/runc-stable/1.3.3-0ubuntu1~25.10.2 https://launchpad.net/ubuntu/+source/runc-app/1.3.3-0ubuntu1~25.04.2 https://launchpad.net/ubuntu/+source/runc-app/1.3.3-0ubuntu1~24.04.2 https://launchpad.net/ubuntu/+source/runc-app/1.3.3-0ubuntu1~22.04.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here