2404715 – (CVE-2025-52881) CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Bug 2404715 (CVE-2025-52881) - CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Summary: CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of s...

Keywords:
Status:	NEW
Alias:	CVE-2025-52881
Deadline:	2025-11-05
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2412965 2423984 2423988 2423992 2423996 2423997 2423998 2423999 2424000 2424001 2424002 2424003 2424004 2424005 2424006 2424007 2424008 2424009 2424010 2424012 2424013 2424014 2424015 2424016 2424017 2424022 2424023 2424027 2424030 2424031 2424032 2424033 2424034 2424035 2424036 2424037 2424038 2424039 2424040 2424041 2424043 2424045 2424046 2424053 2424055 2424057 2424068 2424069 2424072 2424075 2412964 2423983 2423985 2423986 2423987 2423989 2423990 2423991 2423993 2423994 2423995 2424011 2424018 2424019 2424020 2424021 2424024 2424025 2424026 2424028 2424029 2424044 2424048 2424051 2424059 2424060 2424063 2424066 2424071 2424073 2424074
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-17 15:10 UTC by OSIDB Bzimport
Modified:	2026-02-05 16:31 UTC (History)
CC List:	111 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:19927	None	None	None	2025-11-07 18:01:05 UTC
Red Hat Product Errata	RHSA-2025:20957	None	None	None	2025-11-11 15:00:21 UTC
Red Hat Product Errata	RHSA-2025:21220	None	None	None	2025-11-13 09:03:34 UTC
Red Hat Product Errata	RHSA-2025:21232	None	None	None	2025-11-13 10:36:13 UTC
Red Hat Product Errata	RHSA-2025:21328	None	None	None	2025-11-20 07:48:48 UTC
Red Hat Product Errata	RHSA-2025:21633	None	None	None	2025-11-18 00:12:20 UTC
Red Hat Product Errata	RHSA-2025:21634	None	None	None	2025-11-18 00:23:27 UTC
Red Hat Product Errata	RHSA-2025:21702	None	None	None	2025-11-18 15:27:04 UTC
Red Hat Product Errata	RHSA-2025:21795	None	None	None	2025-11-27 04:22:44 UTC
Red Hat Product Errata	RHSA-2025:21824	None	None	None	2025-11-27 11:07:19 UTC
Red Hat Product Errata	RHSA-2025:22011	None	None	None	2025-11-25 05:17:11 UTC
Red Hat Product Errata	RHSA-2025:22012	None	None	None	2025-11-25 04:58:44 UTC
Red Hat Product Errata	RHSA-2025:22030	None	None	None	2025-11-25 07:55:04 UTC
Red Hat Product Errata	RHSA-2025:22275	None	None	None	2025-12-05 13:27:18 UTC
Red Hat Product Errata	RHSA-2025:23113	None	None	None	2026-01-07 07:15:34 UTC
Red Hat Product Errata	RHSA-2025:23347	None	None	None	2025-12-18 10:03:06 UTC
Red Hat Product Errata	RHSA-2025:23543	None	None	None	2025-12-18 04:19:53 UTC
Red Hat Product Errata	RHSA-2026:0315	None	None	None	2026-01-15 00:20:08 UTC
Red Hat Product Errata	RHSA-2026:0316	None	None	None	2026-01-15 05:11:25 UTC
Red Hat Product Errata	RHSA-2026:0331	None	None	None	2026-01-15 19:03:06 UTC
Red Hat Product Errata	RHSA-2026:0418	None	None	None	2026-01-15 19:06:34 UTC
Red Hat Product Errata	RHSA-2026:0424	None	None	None	2026-01-12 02:16:06 UTC
Red Hat Product Errata	RHSA-2026:0425	None	None	None	2026-01-12 03:35:19 UTC
Red Hat Product Errata	RHSA-2026:0426	None	None	None	2026-01-12 03:25:27 UTC
Red Hat Product Errata	RHSA-2026:0676	None	None	None	2026-01-22 19:46:35 UTC
Red Hat Product Errata	RHSA-2026:0701	None	None	None	2026-01-22 18:46:00 UTC
Red Hat Product Errata	RHSA-2026:0995	None	None	None	2026-01-30 15:07:20 UTC
Red Hat Product Errata	RHSA-2026:1540	None	None	None	2026-02-05 16:31:35 UTC

Description OSIDB Bzimport 2025-10-17 15:10:11 UTC

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.

Comment 6 errata-xmlrpc 2025-11-07 18:01:00 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:19927 https://access.redhat.com/errata/RHSA-2025:19927

Comment 9 errata-xmlrpc 2025-11-11 15:00:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:20957 https://access.redhat.com/errata/RHSA-2025:20957

Comment 11 errata-xmlrpc 2025-11-13 09:03:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21220 https://access.redhat.com/errata/RHSA-2025:21220

Comment 12 errata-xmlrpc 2025-11-13 10:36:08 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:21232 https://access.redhat.com/errata/RHSA-2025:21232

Comment 13 errata-xmlrpc 2025-11-18 00:12:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:21633 https://access.redhat.com/errata/RHSA-2025:21633

Comment 14 errata-xmlrpc 2025-11-18 00:23:22 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21634 https://access.redhat.com/errata/RHSA-2025:21634

Comment 15 errata-xmlrpc 2025-11-18 15:26:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21702 https://access.redhat.com/errata/RHSA-2025:21702

Comment 16 errata-xmlrpc 2025-11-20 07:48:43 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:21328 https://access.redhat.com/errata/RHSA-2025:21328

Comment 17 errata-xmlrpc 2025-11-25 04:58:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:22012 https://access.redhat.com/errata/RHSA-2025:22012

Comment 18 errata-xmlrpc 2025-11-25 05:17:05 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:22011 https://access.redhat.com/errata/RHSA-2025:22011

Comment 19 errata-xmlrpc 2025-11-25 07:54:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:22030 https://access.redhat.com/errata/RHSA-2025:22030

Comment 20 errata-xmlrpc 2025-11-27 04:22:39 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:21795 https://access.redhat.com/errata/RHSA-2025:21795

Comment 21 errata-xmlrpc 2025-11-27 11:07:14 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:21824 https://access.redhat.com/errata/RHSA-2025:21824

Comment 22 errata-xmlrpc 2025-12-05 13:27:13 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:22275 https://access.redhat.com/errata/RHSA-2025:22275

Comment 23 errata-xmlrpc 2025-12-18 04:19:44 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:23543 https://access.redhat.com/errata/RHSA-2025:23543

Comment 24 errata-xmlrpc 2025-12-18 10:02:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23347 https://access.redhat.com/errata/RHSA-2025:23347

Comment 25 errata-xmlrpc 2026-01-07 07:15:26 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:23113 https://access.redhat.com/errata/RHSA-2025:23113

Comment 31 errata-xmlrpc 2026-01-12 02:15:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0424 https://access.redhat.com/errata/RHSA-2026:0424

Comment 32 errata-xmlrpc 2026-01-12 03:25:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0426 https://access.redhat.com/errata/RHSA-2026:0426

Comment 33 errata-xmlrpc 2026-01-12 03:35:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0425 https://access.redhat.com/errata/RHSA-2026:0425

Comment 34 errata-xmlrpc 2026-01-15 00:20:00 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2026:0315 https://access.redhat.com/errata/RHSA-2026:0315

Comment 35 errata-xmlrpc 2026-01-15 05:11:18 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2026:0316 https://access.redhat.com/errata/RHSA-2026:0316

Comment 36 errata-xmlrpc 2026-01-15 19:02:59 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2026:0331 https://access.redhat.com/errata/RHSA-2026:0331

Comment 37 errata-xmlrpc 2026-01-15 19:06:25 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2026:0418 https://access.redhat.com/errata/RHSA-2026:0418

Comment 38 errata-xmlrpc 2026-01-22 18:45:52 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2026:0701 https://access.redhat.com/errata/RHSA-2026:0701

Comment 39 errata-xmlrpc 2026-01-22 19:46:27 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2026:0676 https://access.redhat.com/errata/RHSA-2026:0676

Comment 40 errata-xmlrpc 2026-01-30 15:07:12 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2026:0995 https://access.redhat.com/errata/RHSA-2026:0995

Comment 41 errata-xmlrpc 2026-02-05 16:31:27 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2026:1540 https://access.redhat.com/errata/RHSA-2026:1540

Note You need to log in before you can comment on or make changes to this bug.

abarbaro
adudiak
akoudelk
alcohan
alinfoot
alizardo
anpicker
asatyam
bbrownin
bdettelb
bparees
carogers
dfreiber
dhanak
diagrawa
doconnor
drosa
drow
dsimansk
dtrifiro
dymurray
eglynn
erezende
fdeutsch
gparvin
haoli
hasun
hkataria
ibolton
jajackso
jbalunas
jburrell
jcammara
jcantril
jchui
jfula
jhe
jjoyce
jkoehler
jmatthew
jmitchel
jmontleo
jneedle
jowilson
jsamir
jschluet
kaycoth
kegrant
kingland
koliveir
kshier
ktsao
kverlaen
lbragsta
lgamliel
lhh
ljawale
lphiri
lsvaty
luizcosta
mabashia
manissin
matzew
mburns
mgarciac
mnovotny
nboldt
nweather
nyancey
ometelka
oramraz
owatkins
pahickey
pakotvan
pbraun
pgaikwad
pgrist
psrna
ptisnovs
rbobbitt
rbryant
rfreiman
rhaigner
rjohnson
rojacob
sabiswas
sakbas
sausingh
sdawley
security-response-team
shvarugh
simaishi
slucidi
smcdonal
smullick
sseago
stcannon
sthirugn
stirabos
syedriko
teagle
tfister
thason
thavo
vkumar
weaton
wenshen
whayutin
xdharmai
xiyuan
yguenane