Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 456
Alerts This Week
Warning Icon 1 456

Ubuntu 25.10 runC Important Security Fixes Denial of Service USN-7851-1

ubuntu
Calendar Grey November 5, 2025
Dist Ubuntu Esm H88
Several security fixes for runC in Ubuntu 22.04, 24.04, 25.04, and 25.10 prevent attacks on container paths.
Several security issues were fixed in runC.

Summary

Several security issues were fixed in runC.

Software Description:

- runc-app: Open Container Project

- runc-stable: Open Container Project

Details:

Lei Wang and Li Fubang discovered that runC incorrectly handled masked

paths. An attacker could possibly replace a container's /dev/null

with a symlink to some other procfs file and possibly escape a container.

(CVE-2025-31133)

Lei Wang and Li Fubang discovered that runC incorrectly handled the

/dev/console bind-mounts. An attacker could potentially exploit this issue

to build-mount a symlink and escape a container. (CVE-2025-52565)

Li Fubang and Tõnis Tiigi discovered that the fix for CVE-2019-16884 was

incomplete. An attacker could possibly use this issue to cause a denial of

service or escape the container. (CVE-2025-52881)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  runc                            1.3.3-0ubuntu1~25.10.2
  runc-stable                     1.3.3-0ubuntu1~25.10.2

Ubuntu 25.04
  runc                            1.3.3-0ubuntu1~25.04.2

Ubuntu 24.04 LTS
  runc                            1.3.3-0ubuntu1~24.04.2

Ubuntu 22.04 LTS
  runc                            1.3.3-0ubuntu1~22.04.2

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

https://ubuntu.com/security/notices/USN-7851-1

CVE-2025-31133, CVE-2025-52565, CVE-2025-52881

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7851-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.