CVE-2025-31133 Linuxfoundation — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	7.8 (HIGH)
Affected Versions	1.3.0 — 1.3.3
Fixed In	1.2.8
Type	CWE-61 (UNIX Symlink Following (Переход по символическим ссылкам)), CWE-363
Vendor	Linuxfoundation
Public PoC	No

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths.

This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.

Attack Parameters

Attack Vector

Local

Нужен локальный доступ

Attack Complexity

High

Сложно эксплуатировать

Privileges Required

Low

Нужны базовые права

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-61 UNIX Symlink Following (Переход по символическим ссылкам)

CWE-363

Vulnerable Products 1

linuxfoundation:runc

Known Affected Software Configurations 4

Configuration	From (including)	Up to (excluding)
Linuxfoundation Runc cpe:2.3:a:linuxfoundation:runc::::::::	—	`1.2.8`
Linuxfoundation Runc cpe:2.3:a:linuxfoundation:runc::::::::	`1.3.0`	`1.3.3`
Linuxfoundation Runc cpe:2.3:a:linuxfoundation:runc:1.4.0:rc1::::::	—	—
Linuxfoundation Runc cpe:2.3:a:linuxfoundation:runc:1.4.0:rc2::::::	—	—