{
  "threat_severity" : "Important",
  "public_date" : "2025-11-05T00:00:00Z",
  "bugzilla" : {
    "description" : "runc: container escape with malicious config due to /dev/console mount and related races",
    "id" : "2404708",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-59",
  "details" : [ "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can lead to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application to CVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console." ],
  "statement" : "Red Hat rates this flaw as Important: exploitation requires local access, but only minimal privileges are needed to jeopardize the environment.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-11-13T00:00:00Z",
    "advisory" : "RHSA-2025:21232",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "container-tools:rhel8-8100020251112161627.afee755d"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-03-17T00:00:00Z",
    "advisory" : "RHSA-2026:4693",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "container-tools:rhel8-8080020260226135022.63b34585"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-03-17T00:00:00Z",
    "advisory" : "RHSA-2026:4693",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "container-tools:rhel8-8080020260226135022.63b34585"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-07T00:00:00Z",
    "advisory" : "RHSA-2025:19927",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "runc-4:1.2.5-3.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20957",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "runc-4:1.3.0-4.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-03-12T00:00:00Z",
    "advisory" : "RHSA-2026:4531",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "runc-4:1.2.9-1.el9_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-12T00:00:00Z",
    "advisory" : "RHSA-2026:0425",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "runc-4:1.2.9-1.el9_4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.12",
    "release_date" : "2026-01-15T00:00:00Z",
    "advisory" : "RHSA-2026:0315",
    "cpe" : "cpe:/a:redhat:openshift:4.12::el8",
    "package" : "runc-4:1.2.9-1.rhaos4.17.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0676",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el8",
    "package" : "runc-4:1.2.9-1.rhaos4.16.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2025-12-05T00:00:00Z",
    "advisory" : "RHSA-2025:22275",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el9",
    "package" : "rhcos-413.92.202511261311-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.14",
    "release_date" : "2026-01-30T00:00:00Z",
    "advisory" : "RHSA-2026:0995",
    "cpe" : "cpe:/a:redhat:openshift:4.14::el8",
    "package" : "runc-4:1.2.9-1.rhaos4.16.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.15",
    "release_date" : "2026-02-05T00:00:00Z",
    "advisory" : "RHSA-2026:1540",
    "cpe" : "cpe:/a:redhat:openshift:4.15::el8",
    "package" : "runc-4:1.2.9-1.rhaos4.16.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.15",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2025:23113",
    "cpe" : "cpe:/a:redhat:openshift:4.15::el9",
    "package" : "rhcos-415.92.202512100122-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.16",
    "release_date" : "2026-01-15T00:00:00Z",
    "advisory" : "RHSA-2026:0418",
    "cpe" : "cpe:/a:redhat:openshift:4.16::el8",
    "package" : "runc-4:1.2.9-1.rhaos4.16.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.16",
    "release_date" : "2025-11-27T00:00:00Z",
    "advisory" : "RHSA-2025:21824",
    "cpe" : "cpe:/a:redhat:openshift:4.16::el9",
    "package" : "rhcos-416.94.202511191934-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.17",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0701",
    "cpe" : "cpe:/a:redhat:openshift:4.17::el9",
    "package" : "runc-4:1.2.9-1.rhaos4.17.el9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.18",
    "release_date" : "2026-01-15T00:00:00Z",
    "advisory" : "RHSA-2026:0331",
    "cpe" : "cpe:/a:redhat:openshift:4.18::el8",
    "package" : "runc-4:1.2.9-1.rhaos4.18.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.18",
    "release_date" : "2025-11-27T00:00:00Z",
    "advisory" : "RHSA-2025:21795",
    "cpe" : "cpe:/a:redhat:openshift:4.18::el9",
    "package" : "rhcos-418.94.202511170715-0"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2025-12-10T00:00:00Z",
    "advisory" : "RHSA-2025:23078",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-cuda-rhel9:sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2025-12-10T00:00:00Z",
    "advisory" : "RHSA-2025:23079",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-rocm-rhel9:sha256:7856bdb7ae0d643a7b9362c164d4d4fe3c0c7186f5fff73a7ae9835b3df52e57"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2025-12-10T00:00:00Z",
    "advisory" : "RHSA-2025:23080",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/model-opt-cuda-rhel9:sha256:14e32e88f1b89f59ed34a6d712746b82a6a54c6ed4727784f18aeff853abbdc7"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2025-12-15T00:00:00Z",
    "advisory" : "RHSA-2025:23202",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/model-opt-cuda-rhel9:sha256:f083e52ef4198ab8123c49eb044c4374ec996f65633d224bb8152ef0c3f30e7d"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2025-12-15T00:00:00Z",
    "advisory" : "RHSA-2025:23204",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-cuda-rhel9:sha256:7b04c0154c486aa7dd103ddeaf6bea7b9851859c33a4b979a85261a44a7b77f2"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2025-12-15T00:00:00Z",
    "advisory" : "RHSA-2025:23205",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-rocm-rhel9:sha256:e3b3efcdd86f60b90664a249d45918b2ac5f45bae5eed5399e310d63e878b287"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2025-12-15T00:00:00Z",
    "advisory" : "RHSA-2025:23209",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-tpu-rhel9:sha256:64796b48c68d31973a08e22c9530c39b1bc3ba9f376bbefa57643ef0fc857534"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23449",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-rocm-rhel9:sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2026-02-27T00:00:00Z",
    "advisory" : "RHSA-2026:3461",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-cuda-rhel9:sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2026-02-27T00:00:00Z",
    "advisory" : "RHSA-2026:3462",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-rocm-rhel9:sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift-clients",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-52565\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-52565\nhttps://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r" ],
  "name" : "CVE-2025-52565",
  "mitigation" : {
    "value" : "Potential mitigations for this issue include:\n* Using user namespaces, with the host root user not mapped into the container's namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
    "lang" : "en:us"
  },
  "csaw" : false
}