Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to ...
Severe vulnerabilities have been discovered in the runC container runtime environment, used by Docker and Kubernetes, which ...
The US National Vulnerability Database (NVD) has discovered three new vulnerabilities in runC. This is the container runtime used as the reference ...
Fortunately, there are currently no reports of any of the three bugs being actively abused in the wild, and runC developers have been sharing mitigation actions, including activating user namespaces ...
Vulnerabilities discovered recently in the runC container runtime can be exploited to escape containers and gain root access to the host.
Traditionally, the term braindump referred to someone taking an exam, memorizing the questions, and sharing them online for ...
What is KubeVirt? How does it migrate VMware workloads to Kubernetes? Fallout from Broadcom's VMware acquisition is boosting interest in KubeVirt, an open-source project that enables users to deploy ...
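The core attack method of all three vulnerabilities relates to the Linux file mount mechanism. At the moment a container starts, an attacker can use a race condition or a pre-placed symbolic link (symlink) to trick runC into mounting sensitive host paths (such as files under the /proc directory) into the container as writable.
The disclosure of these runC vulnerabilities is another reminder that, while embracing cloud-native technology, we must take container security very seriously. Container escape vulnerabilities threaten not only the security of a single container but may also affect the stability and security of the entire host and even the cloud environment. As cloud-native technology continues to develop, container security will remain a long-term and difficult challenge. Developers and operations staff need to keep learning and mastering the latest security techniques, update and maintain systems promptly, and take effective security measures to ensure that cloud-native environments run securely and reliably.
IT Home, November 10: Tech media outlet bleepingcomputer published a blog post yesterday (November 9) reporting that runC, a core container component, recently disclosed three high-severity vulnerabilities (CVE-2025-31133 and others) affecting mainstream platforms such as Docker and Kubernetes. IT Home note: runC is a lightweight command-line tool and the "engine" of container technology. It is responsible for creating and running containers according to the Open Container Initiative (OCI) standard, and is Docker, Kub ...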
The flaws let attackers abuse masked paths, console bind-mounts, and redirected writes to escape containers and gain host ...
In the ever-evolving world of tech, DevOps is what keeps modern software development upright and going. Organisations ...