Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 401
Alerts This Week
Warning Icon 1 401

Ubuntu 25.10: runC Critical Denial of Service Threat USN-7851-2

ubuntu
Calendar Grey November 24, 2025
Dist Ubuntu Esm H88
Updates available for Ubuntu addressing regressions in runC related to container escape vulnerabilities. Immediate action recommended.
USN-7851-1 introduced a regression in runC

Summary

USN-7851-1 introduced a regression in runC

Software Description:

- runc-app: Open Container Project

- runc-stable: Open Container Project

Details:

USN-7851-1 fixed vulnerabilities in runC. The introduction of a new

upstream release has caused regressions in runc-app and runc-stable.

This update fixes the problem.

Original advisory details:

Lei Wang and Li Fubang discovered that runC incorrectly handled masked

paths. An attacker could possibly replace a container's /dev/null

with a symlink to some other procfs file and possibly escape a container.

(CVE-2025-31133)

Lei Wang and Li Fubang discovered that runC incorrectly handled the

/dev/console bind-mounts. An attacker could potentially exploit this issue

to build-mount a symlink and escape a container. (CVE-2025-52565)

Li Fubang and Tõnis Tiigi discovered that the fix for CVE-2019-16884 was

incomplete. An attacker could possibly use this issue to cause a denial of

service or escape the container. (CVE-2025-52881)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  runc                            1.3.3-0ubuntu1~25.10.3
  runc-stable                     1.3.3-0ubuntu1~25.10.3

Ubuntu 25.04
  runc                            1.3.3-0ubuntu1~25.04.3

Ubuntu 24.04 LTS
  runc                            1.3.3-0ubuntu1~24.04.3

Ubuntu 22.04 LTS
  runc                            1.3.3-0ubuntu1~22.04.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7851-2

https://ubuntu.com/security/notices/USN-7851-1

https://bugs.launchpad.net/ubuntu/+source/runc/+bug/2130744

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7851-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.