cvelistv5 - cve-2025-52881

CVE-2025-52881 (GCVE-0-2025-52881)

Vulnerability from cvelistv5

Published

2025-11-06 20:23

Modified

2025-11-06 21:07

Severity ?

7.3 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-61 - UNIX Symbolic Link (Symlink) Following
CWE-363 - Race Condition Enabling Link Following

Summary

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

References

URL

	Vendor	Product	Version
	opencontainers	runc	Version: <= 1.2.7, < 1.2.8 Version: <= 1.3.2, < 1.3.3 Version: <= 1.4.0-rc.2, < 1.4.0-rc.3

ghsa-cgrx-mc8f-2prm

Vulnerability from github

Published

2025-11-05 18:40

Modified

2025-11-06 21:31

Severity ?

7.3 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Summary

runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Details

Impact

This attack is primarily a more sophisticated version of CVE-2019-19921, which was a flaw which allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation runc applied for CVE-2019-19921 was fairly limited and effectively only caused runc to verify that when runc writes LSM labels that those labels are actual procfs files.

Rather than using a fake tmpfs file for /proc/self/attr/<label>, an attacker could instead (through various means) make /proc/self/attr/<label> reference a real procfs file, but one that would still be a no-op (such as /proc/self/sched). This would have the same effect but would clear the "is a procfs file" check. Runc is aware that this kind of attack would be possible (even going so far as to discuss this publicly as "future work" at conferences), and runc is working on a far more comprehensive mitigation of this attack, but this security issue was disclosed before runc could complete this work.

In all known versions of runc, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (runc has also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts.

Note that while /proc/self/attr/<label> was the example used above (which is LSM-specific), this issue affect all writes to /proc in runc and thus also affects sysctls (written to /proc/sys/...) and some other APIs.

Additional Impacts

While investigating this issue, runc discovered that another risk with these redirected writes is that they could be redirected to dangerous files such as /proc/sysrq-trigger rather than just no-op files like /proc/self/sched. For instance, the default AppArmor profile name in Docker is docker-default, which when written to /proc/sysrq-trigger would cause the host system to crash.

When this was discovered, runc conducted an audit of other write operations within runc and found several possible areas where runc could be used as a semi-arbitrary write gadget when combined with the above race attacks. The most concerning attack scenario was the configuration of sysctls. Because the contents of the sysctl are free-form text, an attacker could use a misdirected write to write to /proc/sys/kernel/core_pattern and break out of the container (as described in CVE-2025-31133, kernel upcalls are not namespaced and so coredump helpers will run with complete root privileges on the host). Even if the attacker cannot configure custom sysctls, a valid sysctl string (when redirected to /proc/sysrq-trigger) can easily cause the machine to hang.

Note that the fact that this attack allows you to disable LSM labels makes it a very useful attack to combine with CVE-2025-31133 (as one of the only mitigations available to most users for that issue is AppArmor, and this attack would let you bypass that). However, the misdirected write issue above means that you could also achieve most of the same goals without needing to chain together attacks.

Patches

This advisory is being published as part of a set of three advisories:

CVE-2025-31133
CVE-2025-52881
CVE-2025-52565

The patches fixing this issue have accordingly been combined into a single patchset. The following patches from that patchset resolve the issues in this advisory:

db19bbed5348 ("internal/sys: add VerifyInode helper")
6fc191449109 ("internal: move utils.MkdirAllInRoot to internal/pathrs")
ff94f9991bd3 ("*: switch to safer securejoin.Reopen")
44a0fcf685db ("go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0")
77889b56db93 ("internal: add wrappers for securejoin.Proc*")
fdcc9d3cad2f ("apparmor: use safe procfs API for labels")
ff6fe1324663 ("utils: use safe procfs for /proc/self/fd loop code")
b3dd1bc562ed ("utils: remove unneeded EnsureProcHandle")
77d217c7c377 ("init: write sysctls using safe procfs API")
435cc81be6b7 ("init: use securejoin for /proc/self/setgroups")
d61fd29d854b ("libct/system: use securejoin for /proc/$pid/stat")
4b37cd93f86e ("libct: align param type for mountCgroupV1/V2 functions")
d40b3439a961 ("rootfs: switch to fd-based handling of mountpoint targets")
ed6b1693b8b3 ("selinux: use safe procfs API for labels")
Please note that this patch includes a private patch for github.com/opencontainers/selinux that could not be made public through a public pull request (as it would necessarily disclose this embargoed security issue).

The patch includes a complete copy of the forked code and a replace directive (as well as go mod vendor applied), which should still work with downstream build systems. If you cannot apply this patch, you can safely drop it -- some of the other patches in this series should block these kinds of racing mount attacks entirely.

See https://github.com/opencontainers/selinux/pull/237 for the upstream patch. * 3f925525b44d ("rootfs: re-allow dangling symlinks in mount targets") * a41366e74080 ("openat2: improve resilience on busy systems")

runc 1.2.8, 1.3.3, and 1.4.0-rc.3 have been released and all contain fixes for these issues. As per runc's new release model, runc 1.1.x and earlier are no longer supported and thus have not been patched.

Mitigations

Do not run untrusted container images from unknown or unverified sources.
For the basic no-op attack, this attack allows a container process to run with the same LSM labels as runc. For most AppArmor deployments this means it will be unconfined, and for SELinux it will likely be container_runtime_t. Runc has not conducted in-depth testing of the impact on SELinux -- it is possible that it provides some reasonable protection but it seems likely that an attacker could cause harm to systems even with such an SELinux setup.
For the more involved redirect and write gadget attacks, unfortunately most LSM profiles (including the standard container-selinux profiles) provide the container runtime access to sysctl files (including /proc/sysrq-trigger) and so LSMs likely do not provide much protection against these attacks.
Using rootless containers provides some protection against these kinds of bugs (privileged writes in runc being redirected) -- by having runc itself be an unprivileged process, in general you would expect the impact scope of a runc bug to be less severe as it would only have the privileges afforded to the host user which spawned runc. For this particular bug, the privilege escalation caused by the inadvertent write issue is entirely mitigated with rootless containers because the unprivileged user that the runc process is executing as cannot write to the aforementioned procfs files (even intentionally).

Other Runtimes

As this vulnerability boils down to a fairly easy-to-make logic bug, runc has provided information to other OCI (crun, youki) and non-OCI (LXC) container runtimes about this vulnerability.

Based on discussions with other runtimes, it seems that crun and youki may have similar security issues and will release a co-ordinated security release along with runc. LXC appears to use the host's /proc for all procfs operations, and so is likely not vulnerable to this issue (this is a trade-off -- runc uses the container's procfs to avoid CVE-2016-9962-style attacks).

Credits

Thanks to Li Fubang (@lifubang from acmcoder.com, CIIC) and Tõnis Tiigi (@tonistiigi from Docker) for both independently discovering this vulnerability, as well as Aleksa Sarai (@cyphar from SUSE) for the original research into this class of security issues and solutions.

Additional thanks go to Tõnis Tiigi for finding some very useful exploit templates for these kinds of race attacks using docker buildx build.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.2.7"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/opencontainers/runc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/opencontainers/selinux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.3.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/opencontainers/runc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0-rc.1"
            },
            {
              "fixed": "1.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.4.0-rc.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/opencontainers/runc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0-rc.1"
            },
            {
              "fixed": "1.4.0-rc.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-52881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-363",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-05T18:40:40Z",
    "nvd_published_at": "2025-11-06T21:15:42Z",
    "severity": "HIGH"
  },
  "details": "### Impact ###\n\nThis attack is primarily a more sophisticated version of CVE-2019-19921, which was a flaw which allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy `tmpfs` file and thus not apply the correct LSM labels to the container process. The mitigation runc applied for CVE-2019-19921 was fairly limited and effectively only caused runc to verify that when runc writes LSM labels that those labels are actual procfs files.\n\nRather than using a fake `tmpfs` file for `/proc/self/attr/\u003clabel\u003e`, an attacker could instead (through various means) make `/proc/self/attr/\u003clabel\u003e` reference a real `procfs` file, but one that would still be a no-op (such as `/proc/self/sched`). This would have the same effect but would clear the \"is a procfs file\" check. Runc is aware that this kind of attack would be possible (even going so far as to discuss this publicly as \"future work\" at conferences), and runc is working on a far more comprehensive mitigation of this attack, but this security issue was disclosed before runc could complete this work.\n\nIn all known versions of runc, an attacker can trick runc into misdirecting writes to `/proc` to other procfs files through the use of a racing container with shared mounts (runc has also verified this attack is possible to exploit using a standard Dockerfile with `docker buildx build` as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a `tmpfs` or theoretically other methods such as regular bind-mounts.\n\nNote that while `/proc/self/attr/\u003clabel\u003e` was the example used above (which is LSM-specific), this issue affect all writes to `/proc` in runc and thus also affects sysctls (written to `/proc/sys/...`) and some other APIs.\n\n#### Additional Impacts ####\n\nWhile investigating this issue, runc discovered that another risk with these redirected writes is that they could be redirected to dangerous files such as `/proc/sysrq-trigger` rather than just no-op files like `/proc/self/sched`. For instance, the default AppArmor profile name in Docker is `docker-default`, which when written to `/proc/sysrq-trigger` would cause the host system to crash.\n\nWhen this was discovered, runc conducted an audit of other write operations within runc and found several possible areas where runc could be used as a semi-arbitrary write gadget when combined with the above race attacks. The most concerning attack scenario was the configuration of sysctls. Because the contents of the sysctl are free-form text, an attacker could use a misdirected write to write to `/proc/sys/kernel/core_pattern` and break out of the container (as described in CVE-2025-31133, kernel upcalls are not namespaced and so coredump helpers will run with complete root privileges on the host). Even if the attacker cannot configure custom sysctls, a valid sysctl string (when redirected to `/proc/sysrq-trigger`) can easily cause the machine to hang.\n\nNote that the fact that this attack allows you to disable LSM labels makes it a very useful attack to combine with CVE-2025-31133 (as one of the only mitigations available to most users for that issue is AppArmor, and this attack would let you bypass that). However, the misdirected write issue above means that you could also achieve most of the same goals without needing to chain together attacks.\n\n### Patches ###\n\nThis advisory is being published as part of a set of three advisories:\n\n  * CVE-2025-31133\n  * CVE-2025-52881\n  * CVE-2025-52565\n\nThe patches fixing this issue have accordingly been combined into a single patchset. The following patches from that patchset resolve the issues in this advisory:\n\n * db19bbed5348 (\"internal/sys: add VerifyInode helper\")\n * 6fc191449109 (\"internal: move utils.MkdirAllInRoot to internal/pathrs\")\n * ff94f9991bd3 (\"*: switch to safer securejoin.Reopen\")\n * 44a0fcf685db (\"go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0\")\n * 77889b56db93 (\"internal: add wrappers for securejoin.Proc*\")\n * fdcc9d3cad2f (\"apparmor: use safe procfs API for labels\")\n * ff6fe1324663 (\"utils: use safe procfs for /proc/self/fd loop code\")\n * b3dd1bc562ed (\"utils: remove unneeded EnsureProcHandle\")\n * 77d217c7c377 (\"init: write sysctls using safe procfs API\")\n * 435cc81be6b7 (\"init: use securejoin for /proc/self/setgroups\")\n * d61fd29d854b (\"libct/system: use securejoin for /proc/$pid/stat\")\n * 4b37cd93f86e (\"libct: align param type for mountCgroupV1/V2 functions\")\n * d40b3439a961 (\"rootfs: switch to fd-based handling of mountpoint targets\")\n * ed6b1693b8b3 (\"selinux: use safe procfs API for labels\")\n   - Please note that this patch includes a private patch for `github.com/opencontainers/selinux` that could not be made public through a public pull request (as it would necessarily disclose this embargoed security issue).\n\n     The patch includes a complete copy of the forked code and a `replace` directive (as well as `go mod vendor` applied), which should still work with downstream build systems. If you cannot apply this patch, you can safely drop it -- some of the other patches in this series should block these kinds of racing mount attacks entirely.\n\n     See https://github.com/opencontainers/selinux/pull/237 for the upstream patch.\n * 3f925525b44d (\"rootfs: re-allow dangling symlinks in mount targets\")\n * a41366e74080 (\"openat2: improve resilience on busy systems\")\n\nrunc 1.2.8, 1.3.3, and 1.4.0-rc.3 have been released and all contain fixes for these issues. As per [runc\u0027s new release model][RELEASES.md], runc 1.1.x and earlier are no longer supported and thus have not been patched.\n\n[CVE-2025-31133]: https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\n[CVE-2025-52565]: https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\n[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\n[RELEASES.md]: https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\n\n### Mitigations ###\n\n * Do not run untrusted container images from unknown or unverified sources.\n\n * For the basic no-op attack, this attack allows a container process to run with the same LSM labels as `runc`. For most AppArmor deployments this means it will be `unconfined`, and for SELinux it will likely be `container_runtime_t`. Runc has not conducted in-depth testing of the impact on SELinux -- it is possible that it provides some reasonable protection but it seems likely that an attacker could cause harm to systems even with such an SELinux setup.\n\n * For the more involved redirect and write gadget attacks, unfortunately most LSM profiles (including the standard container-selinux profiles) provide the container runtime access to sysctl files (including `/proc/sysrq-trigger`) and so LSMs likely do not provide much protection against these attacks.\n\n * Using rootless containers provides some protection against these kinds of bugs (privileged writes in runc being redirected) -- by having runc itself be an unprivileged process, in general you would expect the impact scope of a runc bug to be less severe as it would only have the privileges afforded to the host user which spawned runc. For this particular bug, the privilege escalation caused by the inadvertent write issue is entirely mitigated with rootless containers because the unprivileged user that the `runc` process is executing as cannot write to the aforementioned procfs files (even intentionally).\n\n### Other Runtimes ###\n\nAs this vulnerability boils down to a fairly easy-to-make logic bug, runc has provided information to other OCI (crun, youki) and non-OCI (LXC) container runtimes about this vulnerability.\n\nBased on discussions with other runtimes, it seems that crun and youki may have similar security issues and will release a co-ordinated security release along with runc. LXC appears to use the host\u0027s `/proc` for all procfs operations, and so is likely not vulnerable to this issue (this is a trade-off -- runc uses the container\u0027s procfs to avoid CVE-2016-9962-style attacks).\n\n[CVE-2016-9962]: https://seclists.org/fulldisclosure/2017/Jan/21\n\n### Credits ###\n\nThanks to Li Fubang (@lifubang from acmcoder.com, CIIC) and T\u00f5nis Tiigi (@tonistiigi from Docker) for both independently discovering this vulnerability, as well as Aleksa Sarai (@cyphar from SUSE) for the original research into this class of security issues and solutions.\n\nAdditional thanks go to T\u00f5nis Tiigi for finding some very useful exploit templates for these kinds of race attacks using `docker buildx build`.",
  "id": "GHSA-cgrx-mc8f-2prm",
  "modified": "2025-11-06T21:31:52Z",
  "published": "2025-11-05T18:40:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/selinux/pull/237"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs"
    },
    {
      "type": "WEB",
      "url": "https://youtu.be/tGseJW_uBB8"
    },
    {
      "type": "WEB",
      "url": "https://youtu.be/y1PaBzxwRWQ"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/opencontainers/runc"
    },
    {
      "type": "WEB",
      "url": "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322"
    },
    {
      "type": "WEB",
      "url": "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
}

opensuse-su-2025:15705-1

Vulnerability from csaf_opensuse

Published

2025-11-05 00:00

Modified

2025-11-05 00:00

Summary

runc-1.3.3-1.1 on GA media

Notes

Title of the patch

runc-1.3.3-1.1 on GA media

Description of the patch

These are all security issues fixed in the runc-1.3.3-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15705

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "runc-1.3.3-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the runc-1.3.3-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15705",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15705-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "runc-1.3.3-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-11-05T00:00:00Z",
      "generator": {
        "date": "2025-11-05T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15705-1",
      "initial_release_date": "2025-11-05T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-11-05T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-1.1.aarch64",
                "product": {
                  "name": "runc-1.3.3-1.1.aarch64",
                  "product_id": "runc-1.3.3-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-1.1.ppc64le",
                "product": {
                  "name": "runc-1.3.3-1.1.ppc64le",
                  "product_id": "runc-1.3.3-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-1.1.s390x",
                "product": {
                  "name": "runc-1.3.3-1.1.s390x",
                  "product_id": "runc-1.3.3-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-1.1.x86_64",
                "product": {
                  "name": "runc-1.3.3-1.1.x86_64",
                  "product_id": "runc-1.3.3-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64"
        },
        "product_reference": "runc-1.3.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x"
        },
        "product_reference": "runc-1.3.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
        },
        "product_reference": "runc-1.3.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
          "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:runc-1.3.3-1.1.aarch64",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.ppc64le",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.s390x",
            "openSUSE Tumbleweed:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

suse-su-2025:3951-1

Vulnerability from csaf_suse

Published

2025-11-05 10:23

Modified

2025-11-05 10:23

Summary

Security update for runc

Notes

Title of the patch

Security update for runc

Description of the patch

This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>

Patchnames

SUSE-2025-3951,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3951,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3951

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\n- CVE-2025-31133: Fixed container escape via \u0027masked path\u0027 abuse due to mount race conditions (bsc#1252232).\n- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).\n- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).\n\nUpdate to runc v1.2.7. \n\n- Upstream changelog is available from \u003chttps://github.com/opencontainers/runc/releases/tag/v1.2.7\u003e\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3951,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3951,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3951",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3951-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:3951-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253951-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:3951-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023151.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-05T10:23:31Z",
      "generator": {
        "date": "2025-11-05T10:23:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:3951-1",
      "initial_release_date": "2025-11-05T10:23:31Z",
      "revision_history": [
        {
          "date": "2025-11-05T10:23:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.aarch64",
                "product": {
                  "name": "runc-1.2.7-16.67.1.aarch64",
                  "product_id": "runc-1.2.7-16.67.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.i586",
                "product": {
                  "name": "runc-1.2.7-16.67.1.i586",
                  "product_id": "runc-1.2.7-16.67.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.ppc64le",
                "product": {
                  "name": "runc-1.2.7-16.67.1.ppc64le",
                  "product_id": "runc-1.2.7-16.67.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.s390x",
                "product": {
                  "name": "runc-1.2.7-16.67.1.s390x",
                  "product_id": "runc-1.2.7-16.67.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.x86_64",
                "product": {
                  "name": "runc-1.2.7-16.67.1.x86_64",
                  "product_id": "runc-1.2.7-16.67.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64"
        },
        "product_reference": "runc-1.2.7-16.67.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-16.67.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x"
        },
        "product_reference": "runc-1.2.7-16.67.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64"
        },
        "product_reference": "runc-1.2.7-16.67.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
        },
        "product_reference": "runc-1.2.7-16.67.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:23:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:23:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:23:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

suse-su-2025:3950-1

Vulnerability from csaf_suse

Published

2025-11-05 10:22

Modified

2025-11-05 10:22

Summary

Security update for runc

Notes

Title of the patch

Security update for runc

Description of the patch

Patchnames

SUSE-2025-3950,SUSE-SLE-Micro-5.3-2025-3950,SUSE-SLE-Micro-5.4-2025-3950,SUSE-SLE-Micro-5.5-2025-3950,SUSE-SLE-Module-Basesystem-15-SP7-2025-3950,SUSE-SLE-Module-Containers-15-SP6-2025-3950,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3950,SUSE-SUSE-MicroOS-5.2-2025-3950,SUSE-Storage-7.1-2025-3950,openSUSE-SLE-15.6-2025-3950

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\n- CVE-2025-31133: Fixed container escape via \u0027masked path\u0027 abuse due to mount race conditions (bsc#1252232).\n- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).\n- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).\n\nUpdate to runc v1.2.7. \n\n- Upstream changelog is available from \u003chttps://github.com/opencontainers/runc/releases/tag/v1.2.7\u003e\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3950,SUSE-SLE-Micro-5.3-2025-3950,SUSE-SLE-Micro-5.4-2025-3950,SUSE-SLE-Micro-5.5-2025-3950,SUSE-SLE-Module-Basesystem-15-SP7-2025-3950,SUSE-SLE-Module-Containers-15-SP6-2025-3950,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3950,SUSE-SUSE-MicroOS-5.2-2025-3950,SUSE-Storage-7.1-2025-3950,openSUSE-SLE-15.6-2025-3950",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3950-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:3950-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253950-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:3950-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023152.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-05T10:22:48Z",
      "generator": {
        "date": "2025-11-05T10:22:48Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:3950-1",
      "initial_release_date": "2025-11-05T10:22:48Z",
      "revision_history": [
        {
          "date": "2025-11-05T10:22:48Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.aarch64",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.aarch64",
                  "product_id": "runc-1.2.7-150000.80.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.i586",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.i586",
                  "product_id": "runc-1.2.7-150000.80.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.ppc64le",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.ppc64le",
                  "product_id": "runc-1.2.7-150000.80.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.s390x",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.s390x",
                  "product_id": "runc-1.2.7-150000.80.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.x86_64",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.x86_64",
                  "product_id": "runc-1.2.7-150000.80.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.3",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.3",
                  "product_id": "SUSE Linux Enterprise Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.4",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.4",
                  "product_id": "SUSE Linux Enterprise Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.5",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.5",
                  "product_id": "SUSE Linux Enterprise Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Containers 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Containers 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.2",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.2",
                  "product_id": "SUSE Linux Enterprise Micro 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7.1",
                "product": {
                  "name": "SUSE Enterprise Storage 7.1",
                  "product_id": "SUSE Enterprise Storage 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:22:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:22:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:22:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

fkie_cve-2025-52881

Vulnerability from fkie_nvd

Published

2025-11-06 21:15

Modified

2025-11-06 21:15

Severity ?

7.3 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Summary

References

	URL	Tags
	security-advisories@github.com	http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322
	security-advisories@github.com	http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3
	security-advisories@github.com	https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51
	security-advisories@github.com	https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480
	security-advisories@github.com	https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2
	security-advisories@github.com	https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
	security-advisories@github.com	https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3."
    }
  ],
  "id": "CVE-2025-52881",
  "lastModified": "2025-11-06T21:15:42.817",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-06T21:15:42.817",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322"
    },
    {
      "source": "security-advisories@github.com",
      "url": "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-61"
        },
        {
          "lang": "en",
          "value": "CWE-363"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-52881 (GCVE-0-2025-52881)

Vulnerability from cvelistv5

ghsa-cgrx-mc8f-2prm

Vulnerability from github

Impact

Additional Impacts

Patches

Mitigations

Other Runtimes

Credits

opensuse-su-2025:15705-1

Vulnerability from csaf_opensuse

suse-su-2025:3951-1

Vulnerability from csaf_suse

suse-su-2025:3950-1

Vulnerability from csaf_suse

fkie_cve-2025-52881

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature