CVE-2025-31133 Overview
CVE-2025-31133 is a container escape vulnerability in runc, the widely-used CLI tool for spawning and running containers according to the OCI specification. The vulnerability stems from insufficient verification that the source of bind-mounts (specifically the container's /dev/null) was actually a legitimate /dev/null inode when using it to mask paths. This flaw exposes multiple attack methods including an arbitrary mount gadget that can lead to host information disclosure, host denial of service, container escape, or bypassing of maskedPaths security controls.
Critical Impact
This vulnerability allows attackers to escape container isolation, potentially gaining access to the host system, disclosing sensitive host information, or causing denial of service conditions through exploitation of the bind-mount verification weakness.
Affected Products
- Linux Foundation runc versions 1.2.7 and below
- Linux Foundation runc versions 1.3.0-rc.1 through 1.3.1
- Linux Foundation runc versions 1.4.0-rc.1 and 1.4.0-rc.2
Discovery Timeline
- 2025-11-06 - CVE CVE-2025-31133 published to NVD
- 2025-12-03 - Last updated in NVD database
Technical Details for CVE-2025-31133
Vulnerability Analysis
This vulnerability falls under the category of Symlink Attack (CWE-61: UNIX Symbolic Link Following). The flaw exists in runc's path masking functionality, which is designed to hide sensitive paths from containers by bind-mounting /dev/null over them. The vulnerable code failed to verify that the container's /dev/null was actually a legitimate null device inode before using it for masking operations.
The vulnerability enables two distinct attack vectors. First, an attacker can exploit the arbitrary mount gadget to mount arbitrary filesystems or access host paths that should be inaccessible from within the container. Second, the flaw allows bypassing of maskedPaths configurations, which are security controls intended to hide sensitive system paths from containerized processes.
Root Cause
The root cause lies in the maskPaths function within libcontainer/rootfs_linux.go. The original implementation relied on error handling (ENOTDIR) to determine whether the destination was a directory or file, rather than explicitly verifying the destination type. Additionally, the code did not verify that the /dev/null device file being used as the mount source was actually a legitimate null device, allowing an attacker to potentially substitute a malicious file.
Attack Vector
The attack requires local access with low privileges, though some user interaction is needed. An attacker with the ability to manipulate the container's filesystem before or during initialization could replace or manipulate the /dev/null device file. When runc performs path masking operations, it would use this manipulated file instead of the real null device, potentially allowing:
- Arbitrary file or directory mounting from the host into the container
- Disclosure of sensitive host system information
- Denial of service against the host system
- Complete container escape with potential host-level access
// Security patch showing proper destination type verification
// Source: https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66
}
return fmt.Errorf("can't mask path %q: %w", path, err)
}
-
- dstFd := filepath.Join(procSelfFd, strconv.Itoa(int(dstFh.Fd())))
- err = mountViaFds("", devNullSrc, path, dstFd, "", unix.MS_BIND, "")
- dstFh.Close()
+ st, err := dstFh.Stat()
if err != nil {
- if !errors.Is(err, unix.ENOTDIR) {
- return fmt.Errorf("can't mask path %q: %w", path, err)
- }
+ dstFh.Close()
+ return fmt.Errorf("can't mask path %q: %w", path, err)
+ }
+ var dstType string
+ if st.IsDir() {
// Destination is a directory: bind mount a ro tmpfs over it.
- err := mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel))
- if err != nil {
- return fmt.Errorf("can't mask dir %q: %w", path, err)
- }
+ dstType = "dir"
+ err = mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel))
+ } else {
+ // Destination is a file: mount it to /dev/null.
+ dstType = "path"
+ dstFd := filepath.Join(procSelfFd, strconv.Itoa(int(dstFh.Fd())))
+ err = mountViaFds("", devNullSrc, path, dstFd, "", unix.MS_BIND, "")
+ }
Detection Methods for CVE-2025-31133
Indicators of Compromise
- Unexpected bind mounts appearing on host systems that originate from container contexts
- Anomalous access patterns to sensitive host paths from containerized processes
- Modified or substituted /dev/null device files within container filesystems
- Container processes accessing paths that should be blocked by maskedPaths configuration
Detection Strategies
- Monitor for unusual mount operations during container initialization, particularly bind mounts involving /dev/null
- Implement file integrity monitoring on container runtime binaries, specifically runc
- Audit container configurations for maskedPaths and verify they are being honored
- Deploy runtime security tools that can detect container escape attempts and host filesystem access
Monitoring Recommendations
- Enable detailed logging for container runtime operations including mount syscalls
- Configure alerts for any container process attempting to access host-sensitive directories
- Monitor runc version information across your container infrastructure to identify vulnerable deployments
- Implement behavioral analysis to detect containers performing atypical filesystem operations
How to Mitigate CVE-2025-31133
Immediate Actions Required
- Upgrade runc to patched versions: 1.2.8, 1.3.3, or 1.4.0-rc.3 immediately
- Audit all container hosts to identify running runc versions using runc --version
- Review container orchestration platforms (Docker, Kubernetes, containerd) that bundle runc for updates
- Restrict container capabilities and apply principle of least privilege to reduce attack surface
Patch Information
The vulnerability has been addressed in runc versions 1.2.8, 1.3.3, and 1.4.0-rc.3. Multiple commits were applied to fix the vulnerability, implementing proper verification of the /dev/null device and improving destination type checking in the path masking functionality. The patches are available via the GitHub Security Advisory GHSA-9493-h29p-rfm2. Key security commits include fixes in rootfs_linux.go and init_linux.go that add proper isDevNull and verifyDevNull functions.
Workarounds
- Apply strict AppArmor or SELinux profiles to containers to limit filesystem access capabilities
- Use user namespaces to reduce the impact of potential container escapes
- Implement network segmentation to limit lateral movement if container escape occurs
- Consider using gVisor or Kata Containers for workloads requiring stronger isolation guarantees
# Verify runc version and upgrade if vulnerable
runc --version
# For Docker-based systems, update Docker which bundles runc
apt-get update && apt-get install docker-ce docker-ce-cli containerd.io
# For standalone runc installations
# Download patched version from GitHub releases
wget https://github.com/opencontainers/runc/releases/download/v1.2.8/runc.amd64
chmod +x runc.amd64
mv runc.amd64 /usr/local/sbin/runc
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
