Critical Container Breakout Flaws Found in runc Runtime
Three new high-severity bugs in the runc container runtime could allow attackers to escape containers and gain control of the host system. These vulnerabilities are serious even if systems have standard protections in place. Experts warn that malicious actors can exploit these flaws by abusing how runc handles certain files in the container’s procfs, a virtual filesystem that exposes kernel data.
According to Aleksa Sarai, a senior engineer at SUSE and an OCI board member, the bugs revolve around logic errors in runc’s handling of writes to specific procfs files. Attackers can use masked paths, console bind-mounts, or write gadgets to bypass security restrictions and take over the host. Sarai explains that while these exploits often require customized mount setups or untrusted images, they pose a real threat to containerized environments like Docker and Kubernetes.
Masked Path Flaw Could Enable Host Access
One of the main issues, tracked as CVE-2025-31133, involves how runc manages masked paths. Normally, runc masks a sensitive path by bind-mounting /dev/null, a special file that discards data, over it. But if an attacker can make /dev/null a symlink pointing to a sensitive procfs file—such as /proc/sys/kernel/core_pattern—runc might mount that file with read-write access. This could give the attacker control over critical system settings or even crash the host.
In some cases, runc ignores missing /dev/null files and proceeds with mounting, which can lead to information leaks. For instance, files like /proc/kcore or /proc/timer_list, which reveal kernel data, might become accessible. Although the attacker can’t directly mount arbitrary host files, these methods can still enable full container escape or cause the host to crash. This flaw affects all versions of runc and has been rated 7.3 out of 10 for severity. Updates have been released in versions 1.2.8, 1.3.3, and 1.4.0-rc.3 to fix the issue.
Console Mounts and Write Bypass Can Lead to Escapes
Another vulnerability, CVE-2025-52565, targets how runc handles /dev/console bind-mounts. An attacker can replace the console’s target path with a symlink, tricking runc into mounting the wrong file. This could give the attacker write access to sensitive procfs files like /proc/sys/kernel/core_pattern or /proc/sysrq-trigger, which could then be used to escape the container.
A third flaw, CVE-2025-52881, involves bypassing Linux security modules such as SELinux and AppArmor. Attackers can redirect writes to procfs files, effectively disabling security labels that normally restrict what a process can do. Once these labels are bypassed, the attacker can write to host files and fully compromise the system. Sarai notes that security modules like SELinux and AppArmor aren’t fully effective against this kind of redirected write attack because the container runtime generally has enough privileges to write to procfs files.
Using rootless containers, which run without root privileges, can help reduce some risks. However, all three vulnerabilities require the attacker to start containers with certain mount configurations, often achievable via untrusted images or Dockerfiles. Monitoring for suspicious symlink behavior can help detect attempted exploits. Security tools like Sysdig have added detection rules for these vulnerabilities, making it easier to spot malicious activity.
In summary, these bugs highlight how important it is to keep container runtimes up to date. Developers and sysadmins should update runc to the patched versions immediately. While some defenses like rootless containers and security modules can help, the best approach is to apply the fixes provided by the runc team and remain vigilant for unusual container behavior.
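Two of the defender-side checks the article points to, as an added example that is not code from the article or from the runc project: a version comparison against the patched releases it lists (1.2.8, 1.3.3, 1.4.0-rc.3), and an audit of a container rootfs for the symlinked or missing /dev/null and /dev/console entries that CVE-2025-31133 and CVE-2025-52565 depend on. The rootfs in `demo()` is constructed in a temporary directory for illustration; the function names are hypothetical.

```python
import os
import re
import tempfile

# Lowest patched release on each branch named in the article (rc=None means a final release).
FIXED = {(1, 2): (1, 2, 8, None), (1, 3): (1, 3, 3, None), (1, 4): (1, 4, 0, 3)}

def parse_runc_version(text):
    """Parse 'runc version 1.4.0-rc.2' or '1.3.2' into (major, minor, patch, rc)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised runc version string: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else None)

def _order(v):
    # Release candidates sort before the final release with the same number.
    return (v[0], v[1], v[2], 1 if v[3] is None else 0, v[3] or 0)

def is_patched(text):
    """True if the reported runc version carries the fixes for all three CVEs."""
    v = parse_runc_version(text)
    branch = v[:2]
    if branch not in FIXED:
        # Only the three branches above received fixes; anything newer inherits them.
        return branch > (1, 4)
    return _order(v) >= _order(FIXED[branch])

def audit_masked_targets(rootfs):
    """Report /dev/null and /dev/console entries in a container rootfs that are not
    ordinary nodes: a symlink (possibly into procfs) or a missing node is the
    precondition the article describes for CVE-2025-31133 and CVE-2025-52565."""
    findings = []
    for rel in ("dev/null", "dev/console"):
        path = os.path.join(rootfs, rel)
        if not os.path.lexists(path):          # lexists/islink never follow the link
            findings.append((rel, "missing"))
        elif os.path.islink(path):
            findings.append((rel, "symlink -> " + os.readlink(path)))
    return findings

def demo():
    """Constructed rootfs: /dev/null replaced by a symlink, /dev/console absent."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    os.makedirs(os.path.join(root, "dev"))
    os.symlink("/proc/sys/kernel/core_pattern", os.path.join(root, "dev", "null"))
    return audit_masked_targets(root)

if __name__ == "__main__":
    print(demo(), is_patched("runc version 1.4.0-rc.2"))
```

In a real deployment the rootfs audit would run against an extracted image layer before the container is started, and the version check against the output of `runc --version`.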