Linuxfoundation Runc
16 CVEs affecting Linuxfoundation Runc. Latest disclosed: 2025-11-06. Critical: 0, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-21626 | High | 8.6 | 2024-01-31 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descrip… |
| CVE-2019-5736 | High | 8.6 | 2019-02-11 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host roo… |
| CVE-2021-30465 | High | 8.5 | 2021-05-27 | runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multipl… |
| CVE-2025-31133 | High | 7.8 | 2025-11-06 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 an… |
| CVE-2016-3697 | High | 7.8 | 2016-06-01 | libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local us… |
| CVE-2025-52881 | High | 7.5 | 2025-11-06 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc… |
| CVE-2025-52565 | High | 7.5 | 2025-11-06 | runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4… |
| CVE-2019-16884 | High | 7.5 | 2019-09-25 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorr… |
| CVE-2023-27561 | High | 7.0 | 2023-03-03 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must… |
| CVE-2019-19921 | High | 7.0 | 2020-02-12 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker… |
| CVE-2023-28642 | Medium | 6.1 | 2023-03-29 | runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the c… |
| CVE-2021-43784 | Medium | 6.0 | 2021-12-06 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization syst… |
| CVE-2022-29162 | Medium | 5.9 | 2022-05-17 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc… |
| CVE-2022-24769 | Medium | 5.9 | 2022-03-24 | Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 2… |
| CVE-2023-25809 | Medium | 5.0 | 2023-03-29 | runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/… |
| CVE-2024-45310 | Low | 3.6 | 2024-09-03 | runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tr… |