CVE-2025-52881 - 漏洞详情

CVE-2025-52881 (CNNVD-202511-488)

HIGH

中文标题:

runc 安全漏洞

英文标题:

runc: LSM labels can be bypassed with malicious config using dummy procfs files

CVSS分数: 7.3

发布时间: 2025-11-06 20:23:36

漏洞类型: 其他

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

runc是Open Container Initiative开源的一款用于根据OCI规范生成和运行容器的CLI（命令行界面）工具。 runc 1.2.7版本、1.3.2版本和1.4.0-rc.2版本存在安全漏洞，该漏洞源于攻击者可通过共享挂载的竞争容器误导写入操作，可能导致任意文件写入。

英文描述:

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

CWE类型:

CWE-61 CWE-363

受影响产品

厂商	产品	版本	版本范围	平台	CPE
opencontainers	runc	<= 1.2.7, < 1.2.8	-	-	`cpe:2.3:a:opencontainers:runc:<=_1.2.7,_<_1.2.8:::::::*`
opencontainers	runc	<= 1.3.2, < 1.3.3	-	-	`cpe:2.3:a:opencontainers:runc:<=_1.3.2,_<_1.3.3:::::::*`
opencontainers	runc	<= 1.4.0-rc.2, < 1.4.0-rc.3	-	-	`cpe:2.3:a:opencontainers:runc:<=_1.4.0-rc.2,_<_1.4.0-rc.3:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm x_refsource_CONFIRM
cve.org

访问

https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 x_refsource_MISC
cve.org

访问

https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md x_refsource_MISC
cve.org

访问

http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 x_refsource_MISC
cve.org

访问

http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 x_refsource_MISC
cve.org

访问

CVSS评分详情

4.0 (cna)

HIGH

7.3

CVSS向量: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

机密性

HIGH

完整性

HIGH

可用性

HIGH

后续系统影响 (Subsequent):

机密性

HIGH

完整性

HIGH

可用性

HIGH

时间信息

发布时间:

2025-11-06 20:23:36

修改时间:

2025-11-06 21:07:09

创建时间:

2025-11-11 15:40:40

更新时间:

2025-11-11 16:00:22

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2025-52881`	2025-11-11 15:23:27	2025-11-11 07:40:40
NVD	`nvd_CVE-2025-52881`	2025-11-11 15:01:08	2025-11-11 07:48:27
CNNVD	`cnnvd_CNNVD-202511-488`	2025-11-11 15:13:01	2025-11-11 08:00:22

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 16:00:22

vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202511-488; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 其他
cnnvd_id: 未提取 -> CNNVD-202511-488
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:48:27

data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2025-52881 (CNNVD-202511-488)

中文标题:

runc 安全漏洞

英文标题:

runc: LSM labels can be bypassed with malicious config using dummy procfs files

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

4.0 (cna)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史