Bug 2404715 (CVE-2025-52881) - CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
Keywords:
Status: NEW
Alias: CVE-2025-52881
Deadline: 2025-11-05
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2412965 2423984 2423985 2423988 2423991 2423992 2423996 2423997 2423998 2423999 2424000 2424001 2424002 2424003 2424004 2424005 2424006 2424007 2424008 2424009 2424010 2424011 2424012 2424013 2424014 2424015 2424016 2424017 2424018 2424019 2424020 2424021 2424022 2424023 2424027 2424030 2424031 2424032 2424033 2424034 2424035 2424036 2424037 2424038 2424039 2424040 2424041 2424043 2424044 2424045 2424046 2424048 2424051 2424053 2424055 2424057 2424059 2424060 2424063 2424066 2424068 2424069 2424072 2424075 2412964 2423983 2423986 2423987 2423989 2423990 2423993 2423994 2423995 2424024 2424025 2424026 2424028 2424029 2424071 2424073 2424074
Blocks:
Reported: 2025-10-17 15:10 UTC by OSIDB Bzimport
Modified: 2026-01-07 07:15 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:19927 0 None None None 2025-11-07 18:01:05 UTC
Red Hat Product Errata RHSA-2025:20957 0 None None None 2025-11-11 15:00:21 UTC
Red Hat Product Errata RHSA-2025:21220 0 None None None 2025-11-13 09:03:34 UTC
Red Hat Product Errata RHSA-2025:21232 0 None None None 2025-11-13 10:36:13 UTC
Red Hat Product Errata RHSA-2025:21328 0 None None None 2025-11-20 07:48:48 UTC
Red Hat Product Errata RHSA-2025:21633 0 None None None 2025-11-18 00:12:20 UTC
Red Hat Product Errata RHSA-2025:21634 0 None None None 2025-11-18 00:23:27 UTC
Red Hat Product Errata RHSA-2025:21702 0 None None None 2025-11-18 15:27:04 UTC
Red Hat Product Errata RHSA-2025:21795 0 None None None 2025-11-27 04:22:44 UTC
Red Hat Product Errata RHSA-2025:21824 0 None None None 2025-11-27 11:07:19 UTC
Red Hat Product Errata RHSA-2025:22011 0 None None None 2025-11-25 05:17:11 UTC
Red Hat Product Errata RHSA-2025:22012 0 None None None 2025-11-25 04:58:44 UTC
Red Hat Product Errata RHSA-2025:22030 0 None None None 2025-11-25 07:55:04 UTC
Red Hat Product Errata RHSA-2025:22275 0 None None None 2025-12-05 13:27:18 UTC
Red Hat Product Errata RHSA-2025:23113 0 None None None 2026-01-07 07:15:34 UTC
Red Hat Product Errata RHSA-2025:23347 0 None None None 2025-12-18 10:03:06 UTC
Red Hat Product Errata RHSA-2025:23543 0 None None None 2025-12-18 04:19:53 UTC

Description OSIDB Bzimport 2025-10-17 15:10:11 UTC
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that, when we write LSM labels, those labels are actual procfs files.
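
The kind of check the description refers to, verifying that an opened label file really lives on procfs before writing to it, can be sketched as follows. This is an added example, not code from runc or opencontainers/selinux; `isProcfs`, `writeLabelChecked` and the temp-file input are hypothetical names and constructed data.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

const procSuperMagic = 0x9fa0 // PROC_SUPER_MAGIC from <linux/magic.h>
var errNotProcfs = errors.New("target is not on procfs")

// isProcfs reports whether an already-open file lives on a procfs mount.
// It confirms only the filesystem type, not which procfs file was opened.
func isProcfs(f *os.File) (bool, error) {
	var st syscall.Statfs_t
	if err := syscall.Fstatfs(int(f.Fd()), &st); err != nil {
		return false, err
	}
	return int64(st.Type) == procSuperMagic, nil
}

// writeLabelChecked (hypothetical helper) writes label only if path,
// once opened, is on procfs; the check is on the fd, not the path string.
func writeLabelChecked(path, label string) error {
	f, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer f.Close()
	if ok, err := isProcfs(f); err != nil {
		return err
	} else if !ok {
		return fmt.Errorf("%s: %w", path, errNotProcfs)
	}
	_, err = f.WriteString(label)
	return err
}

func main() {
	// Constructed input: a regular temp file standing in for a fake label file.
	tmp, err := os.CreateTemp("", "fake-attr")
	if err != nil {
		panic(err)
	}
	defer os.Remove(tmp.Name())
	tmp.Close()
	fmt.Println(writeLabelChecked(tmp.Name(), "constructed_label"))
}
```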

Comment 6 errata-xmlrpc 2025-11-07 18:01:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:19927 https://access.redhat.com/errata/RHSA-2025:19927

Comment 9 errata-xmlrpc 2025-11-11 15:00:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:20957 https://access.redhat.com/errata/RHSA-2025:20957

Comment 11 errata-xmlrpc 2025-11-13 09:03:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21220 https://access.redhat.com/errata/RHSA-2025:21220

Comment 12 errata-xmlrpc 2025-11-13 10:36:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:21232 https://access.redhat.com/errata/RHSA-2025:21232

Comment 13 errata-xmlrpc 2025-11-18 00:12:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:21633 https://access.redhat.com/errata/RHSA-2025:21633

Comment 14 errata-xmlrpc 2025-11-18 00:23:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21634 https://access.redhat.com/errata/RHSA-2025:21634

Comment 15 errata-xmlrpc 2025-11-18 15:26:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21702 https://access.redhat.com/errata/RHSA-2025:21702

Comment 16 errata-xmlrpc 2025-11-20 07:48:43 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:21328 https://access.redhat.com/errata/RHSA-2025:21328

Comment 17 errata-xmlrpc 2025-11-25 04:58:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:22012 https://access.redhat.com/errata/RHSA-2025:22012

Comment 18 errata-xmlrpc 2025-11-25 05:17:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:22011 https://access.redhat.com/errata/RHSA-2025:22011

Comment 19 errata-xmlrpc 2025-11-25 07:54:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:22030 https://access.redhat.com/errata/RHSA-2025:22030

Comment 20 errata-xmlrpc 2025-11-27 04:22:39 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:21795 https://access.redhat.com/errata/RHSA-2025:21795

Comment 21 errata-xmlrpc 2025-11-27 11:07:14 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:21824 https://access.redhat.com/errata/RHSA-2025:21824

Comment 22 errata-xmlrpc 2025-12-05 13:27:13 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:22275 https://access.redhat.com/errata/RHSA-2025:22275

Comment 23 errata-xmlrpc 2025-12-18 04:19:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:23543 https://access.redhat.com/errata/RHSA-2025:23543

Comment 24 errata-xmlrpc 2025-12-18 10:02:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23347 https://access.redhat.com/errata/RHSA-2025:23347

Comment 25 errata-xmlrpc 2026-01-07 07:15:26 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:23113 https://access.redhat.com/errata/RHSA-2025:23113
