Security update for runc SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3950-1 Final 1 1 2025-11-05T10:22:48Z current 2025-11-05T10:22:48Z 2025-11-05T10:22:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for runc This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro/5.5:latest-2025-3950,SUSE-2025-3950,SUSE-SLE-Micro-5.3-2025-3950,SUSE-SLE-Micro-5.4-2025-3950,SUSE-SLE-Micro-5.5-2025-3950,SUSE-SLE-Module-Basesystem-15-SP7-2025-3950,SUSE-SLE-Module-Containers-15-SP6-2025-3950,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3950,SUSE-SUSE-MicroOS-5.2-2025-3950,SUSE-Storage-7.1-2025-3950,openSUSE-SLE-15.6-2025-3950 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253950-1/ Link for SUSE-SU-2025:3950-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023152.html E-Mail link for SUSE-SU-2025:3950-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1252232 SUSE Bug 1252232 https://www.suse.com/security/cve/CVE-2025-31133/ SUSE CVE CVE-2025-31133 page https://www.suse.com/security/cve/CVE-2025-52565/ SUSE CVE CVE-2025-52565 page https://www.suse.com/security/cve/CVE-2025-52881/ SUSE CVE CVE-2025-52881 page Container suse/sle-micro/5.5:latest SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Containers 15 SP6 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 openSUSE Leap 15.6 runc-1.2.7-150000.80.1 runc-1.2.7-150000.80.1 as a component of Container suse/sle-micro/5.5:latest runc-1.2.7-150000.80.1 as a component of SUSE Enterprise Storage 7.1 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Micro 5.2 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Micro 5.3 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Micro 5.4 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Micro 5.5 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Module for Containers 15 SP6 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 runc-1.2.7-150000.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 runc-1.2.7-150000.80.1 as a component of openSUSE Leap 15.6 unknown CVE-2025-31133 Container suse/sle-micro/5.5:latest:runc-1.2.7-150000.80.1 SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1 openSUSE Leap 15.6:runc-1.2.7-150000.80.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253950-1/ https://www.suse.com/security/cve/CVE-2025-31133.html CVE-2025-31133 https://bugzilla.suse.com/1252232 SUSE Bug 1252232 unknown CVE-2025-52565 Container suse/sle-micro/5.5:latest:runc-1.2.7-150000.80.1 SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1 openSUSE Leap 15.6:runc-1.2.7-150000.80.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253950-1/ https://www.suse.com/security/cve/CVE-2025-52565.html CVE-2025-52565 https://bugzilla.suse.com/1252232 SUSE Bug 1252232 unknown CVE-2025-52881 Container suse/sle-micro/5.5:latest:runc-1.2.7-150000.80.1 SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1 openSUSE Leap 15.6:runc-1.2.7-150000.80.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253950-1/ https://www.suse.com/security/cve/CVE-2025-52881.html CVE-2025-52881 https://bugzilla.suse.com/1252232 SUSE Bug 1252232