Vulnerability-Lookup

CVE-2025-52881 (GCVE-0-2025-52881)

Vulnerability from cvelistv5 – Published: 2025-11-06 20:23 – Updated: 2025-11-06 21:07

Title

runc: LSM labels can be bypassed with malicious config using dummy procfs files

Summary

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

Severity

7.3 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-61 - UNIX Symbolic Link (Symlink) Following
CWE-363 - Race Condition Enabling Link Following

Assigner

GitHub_M

References

20 references

URL	Tags
https://github.com/opencontainers/runc/security/a…	x_refsource_CONFIRM
https://github.com/opencontainers/runc/security/a…	x_refsource_MISC
https://github.com/opencontainers/runc/security/a…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/ff9…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/ff6…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/ed6…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/db1…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/d61…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/d40…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/b3d…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/77d…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/778…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/6fc…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/4b3…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/44a…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/435…	x_refsource_MISC
https://github.com/opencontainers/runc/commit/3f9…	x_refsource_MISC
https://github.com/opencontainers/runc/blob/v1.4.…	x_refsource_MISC
http://github.com/opencontainers/runc/commit/a413…	x_refsource_MISC
http://github.com/opencontainers/runc/commit/fdcc…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
opencontainers	runc	Affected: <= 1.2.7, < 1.2.8 Affected: <= 1.3.2, < 1.3.3 Affected: <= 1.4.0-rc.2, < 1.4.0-rc.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-06T21:06:59.235416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-06T21:07:09.382Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "runc",
          "vendor": "opencontainers",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.2.7, \u003c 1.2.8"
            },
            {
              "status": "affected",
              "version": "\u003c= 1.3.2, \u003c 1.3.3"
            },
            {
              "status": "affected",
              "version": "\u003c= 1.4.0-rc.2, \u003c 1.4.0-rc.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-363",
              "description": "CWE-363: Race Condition Enabling Link Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T20:23:36.237Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
        },
        {
          "name": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
        },
        {
          "name": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557"
        },
        {
          "name": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md"
        },
        {
          "name": "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322"
        },
        {
          "name": "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3"
        }
      ],
      "source": {
        "advisory": "GHSA-cgrx-mc8f-2prm",
        "discovery": "UNKNOWN"
      },
      "title": "runc: LSM labels can be bypassed with malicious config using dummy procfs files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-52881",
    "datePublished": "2025-11-06T20:23:36.237Z",
    "dateReserved": "2025-06-20T17:42:25.708Z",
    "dateUpdated": "2025-11-06T21:07:09.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-52881",
      "date": "2026-06-25",
      "epss": "0.00526",
      "percentile": "0.40468"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-52881\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-06T21:15:42.817\",\"lastModified\":\"2025-12-03T18:37:17.917\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-61\"},{\"lang\":\"en\",\"value\":\"CWE-363\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.8\",\"matchCriteriaId\":\"889E52A1-D7B0-4DC8-BD63-9413A1DD9EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3.0\",\"versionEndExcluding\":\"1.3.3\",\"matchCriteriaId\":\"F3193A96-E882-439B-984E-782315C62F69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"082E3496-822B-481B-AC2F-DA8DCAFC28FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.4.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"71C62E90-6357-44A4-B582-28B1F1D9B16D\"}]}]}],\"references\":[{\"url\":\"http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\",\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\",\"Exploit\",\"Mitigation\",\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\",\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52881\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-06T21:06:59.235416Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-06T21:07:04.283Z\"}}], \"cna\": {\"title\": \"runc: LSM labels can be bypassed with malicious config using dummy procfs files\", \"source\": {\"advisory\": \"GHSA-cgrx-mc8f-2prm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"opencontainers\", \"product\": \"runc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 1.2.7, \u003c 1.2.8\"}, {\"status\": \"affected\", \"version\": \"\u003c= 1.3.2, \u003c 1.3.3\"}, {\"status\": \"affected\", \"version\": \"\u003c= 1.4.0-rc.2, \u003c 1.4.0-rc.3\"}]}], \"references\": [{\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\", \"name\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\", \"name\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\", \"name\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\", \"name\": \"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51\", \"name\": \"https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1\", \"name\": \"https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\", \"name\": \"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165\", \"name\": \"https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2\", \"name\": \"https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28\", \"name\": \"https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db\", \"name\": \"https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544\", \"name\": \"https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f\", \"name\": \"https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6\", \"name\": \"https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58\", \"name\": \"https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d\", \"name\": \"https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557\", \"name\": \"https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\", \"name\": \"https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322\", \"name\": \"http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3\", \"name\": \"http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-61\", \"description\": \"CWE-61: UNIX Symbolic Link (Symlink) Following\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-363\", \"description\": \"CWE-363: Race Condition Enabling Link Following\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-06T20:23:36.237Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52881\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-06T21:07:09.382Z\", \"dateReserved\": \"2025-06-20T17:42:25.708Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-06T20:23:36.237Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

RHSA-2026:8325

Vulnerability from csaf_redhat - Published: 2026-04-15 15:24 - Updated: 2026-06-25 11:18

Summary

Red Hat Security Advisory: buildah, crun, podman, runc, and skopeo security update

Severity

Important

Notes

Topic: An update for multiple packages is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) * golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913) * github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-31133

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround

Known not affected 101 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround

Threats

Impact Important

CVE-2025-47913

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 50 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround

Known not affected 64 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround

Threats

Impact Important

CVE-2025-52565

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround

Known not affected 101 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround

Threats

Impact Important

CVE-2025-52881

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 84 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround

Threats

Impact Important

CVE-2025-58183

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 88 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64	—	Vendor Fix fix Workaround

Known not affected 26 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64	—	Workaround

Threats

Impact Moderate

CVE-2025-65637

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 84 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x	—	Workaround
Unresolved product id: AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64	—	Workaround

Threats

Impact Moderate

References

53 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:8325	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2404705	external
https://bugzilla.redhat.com/show_bug.cgi?id=2404708	external
https://bugzilla.redhat.com/show_bug.cgi?id=2404715	external
https://bugzilla.redhat.com/show_bug.cgi?id=2407258	external
https://bugzilla.redhat.com/show_bug.cgi?id=2414943	external
https://bugzilla.redhat.com/show_bug.cgi?id=2418900	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-31133	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404705	external
https://www.cve.org/CVERecord?id=CVE-2025-31133	external
https://nvd.nist.gov/vuln/detail/CVE-2025-31133	external
https://github.com/opencontainers/runc/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-47913	self
https://bugzilla.redhat.com/show_bug.cgi?id=2414943	external
https://www.cve.org/CVERecord?id=CVE-2025-47913	external
https://nvd.nist.gov/vuln/detail/CVE-2025-47913	external
https://github.com/advisories/GHSA-hcg3-q754-cr77	external
https://go.dev/cl/700295	external
https://go.dev/issue/75178	external
https://pkg.go.dev/vuln/GO-2025-4116	external
https://access.redhat.com/security/cve/CVE-2025-52565	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404708	external
https://www.cve.org/CVERecord?id=CVE-2025-52565	external
https://nvd.nist.gov/vuln/detail/CVE-2025-52565	external
https://github.com/opencontainers/runc/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-52881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404715	external
https://www.cve.org/CVERecord?id=CVE-2025-52881	external
https://nvd.nist.gov/vuln/detail/CVE-2025-52881	external
https://github.com/opencontainers/runc/security/a…	external
https://github.com/opencontainers/selinux/pull/237	external
https://access.redhat.com/security/cve/CVE-2025-58183	self
https://bugzilla.redhat.com/show_bug.cgi?id=2407258	external
https://www.cve.org/CVERecord?id=CVE-2025-58183	external
https://nvd.nist.gov/vuln/detail/CVE-2025-58183	external
https://go.dev/cl/709861	external
https://go.dev/issue/75677	external
https://groups.google.com/g/golang-announce/c/4Em…	external
https://pkg.go.dev/vuln/GO-2025-4014	external
https://access.redhat.com/security/cve/CVE-2025-65637	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418900	external
https://www.cve.org/CVERecord?id=CVE-2025-65637	external
https://nvd.nist.gov/vuln/detail/CVE-2025-65637	external
https://github.com/mjuanxd/logrus-dos-poc	external
https://github.com/mjuanxd/logrus-dos-poc/blob/ma…	external
https://github.com/sirupsen/logrus/issues/1370	external
https://github.com/sirupsen/logrus/pull/1376	external
https://github.com/sirupsen/logrus/releases/tag/v1.8.3	external
https://github.com/sirupsen/logrus/releases/tag/v1.9.1	external
https://github.com/sirupsen/logrus/releases/tag/v1.9.3	external
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBC…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for multiple packages is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions (CVE-2025-31133)\n\n* runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565)\n\n* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)\n\n* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)\n\n* golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913)\n\n* github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:8325",
        "url": "https://access.redhat.com/errata/RHSA-2026:8325"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2404705",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404705"
      },
      {
        "category": "external",
        "summary": "2404708",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
      },
      {
        "category": "external",
        "summary": "2404715",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
      },
      {
        "category": "external",
        "summary": "2407258",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
      },
      {
        "category": "external",
        "summary": "2414943",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
      },
      {
        "category": "external",
        "summary": "2418900",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418900"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8325.json"
      }
    ],
    "title": "Red Hat Security Advisory: buildah, crun, podman, runc, and skopeo security update",
    "tracking": {
      "current_release_date": "2026-06-25T11:18:32+00:00",
      "generator": {
        "date": "2026-06-25T11:18:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.1.0"
        }
      },
      "id": "RHSA-2026:8325",
      "initial_release_date": "2026-04-15T15:24:38+00:00",
      "revision_history": [
        {
          "date": "2026-04-15T15:24:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-15T15:24:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T11:18:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                  "product_id": "AppStream-9.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "buildah-1:1.26.9-1.el9_0.3.src",
                "product": {
                  "name": "buildah-1:1.26.9-1.el9_0.3.src",
                  "product_id": "buildah-1:1.26.9-1.el9_0.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah@1.26.9-1.el9_0.3?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-4:1.2.9-1.el9_0.src",
                "product": {
                  "name": "runc-4:1.2.9-1.el9_0.src",
                  "product_id": "runc-4:1.2.9-1.el9_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_0?arch=src\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-2:4.2.0-6.el9_0.6.src",
                "product": {
                  "name": "podman-2:4.2.0-6.el9_0.6.src",
                  "product_id": "podman-2:4.2.0-6.el9_0.6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman@4.2.0-6.el9_0.6?arch=src\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-2:1.8.0-4.1.el9_0.2.src",
                "product": {
                  "name": "skopeo-2:1.8.0-4.1.el9_0.2.src",
                  "product_id": "skopeo-2:1.8.0-4.1.el9_0.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo@1.8.0-4.1.el9_0.2?arch=src\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-0:1.14.3-1.el9_0.src",
                "product": {
                  "name": "crun-0:1.14.3-1.el9_0.src",
                  "product_id": "crun-0:1.14.3-1.el9_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun@1.14.3-1.el9_0?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "buildah-1:1.26.9-1.el9_0.3.aarch64",
                "product": {
                  "name": "buildah-1:1.26.9-1.el9_0.3.aarch64",
                  "product_id": "buildah-1:1.26.9-1.el9_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah@1.26.9-1.el9_0.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
                "product": {
                  "name": "buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
                  "product_id": "buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-tests@1.26.9-1.el9_0.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
                "product": {
                  "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
                  "product_id": "buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-debugsource@1.26.9-1.el9_0.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
                "product": {
                  "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
                  "product_id": "buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-debuginfo@1.26.9-1.el9_0.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
                "product": {
                  "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
                  "product_id": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.26.9-1.el9_0.3?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-4:1.2.9-1.el9_0.aarch64",
                "product": {
                  "name": "runc-4:1.2.9-1.el9_0.aarch64",
                  "product_id": "runc-4:1.2.9-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_0?arch=aarch64\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-4:1.2.9-1.el9_0.aarch64",
                "product": {
                  "name": "runc-debugsource-4:1.2.9-1.el9_0.aarch64",
                  "product_id": "runc-debugsource-4:1.2.9-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_0?arch=aarch64\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
                "product": {
                  "name": "runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
                  "product_id": "runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_0?arch=aarch64\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-catatonit@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-gvproxy@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-plugins@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-remote-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-remote-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-remote@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-tests-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-tests-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-tests-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-tests@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-debugsource@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-debuginfo@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                "product": {
                  "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_id": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.2.0-6.el9_0.6?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
                "product": {
                  "name": "skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
                  "product_id": "skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo@1.8.0-4.1.el9_0.2?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
                "product": {
                  "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
                  "product_id": "skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-tests@1.8.0-4.1.el9_0.2?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
                "product": {
                  "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
                  "product_id": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-debugsource@1.8.0-4.1.el9_0.2?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
                "product": {
                  "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
                  "product_id": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-debuginfo@1.8.0-4.1.el9_0.2?arch=aarch64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-0:1.14.3-1.el9_0.aarch64",
                "product": {
                  "name": "crun-0:1.14.3-1.el9_0.aarch64",
                  "product_id": "crun-0:1.14.3-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun@1.14.3-1.el9_0?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-debugsource-0:1.14.3-1.el9_0.aarch64",
                "product": {
                  "name": "crun-debugsource-0:1.14.3-1.el9_0.aarch64",
                  "product_id": "crun-debugsource-0:1.14.3-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun-debugsource@1.14.3-1.el9_0?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
                "product": {
                  "name": "crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
                  "product_id": "crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun-debuginfo@1.14.3-1.el9_0?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "buildah-1:1.26.9-1.el9_0.3.ppc64le",
                "product": {
                  "name": "buildah-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_id": "buildah-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah@1.26.9-1.el9_0.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
                "product": {
                  "name": "buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_id": "buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-tests@1.26.9-1.el9_0.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
                "product": {
                  "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_id": "buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-debugsource@1.26.9-1.el9_0.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
                "product": {
                  "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_id": "buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-debuginfo@1.26.9-1.el9_0.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
                "product": {
                  "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_id": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.26.9-1.el9_0.3?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-4:1.2.9-1.el9_0.ppc64le",
                "product": {
                  "name": "runc-4:1.2.9-1.el9_0.ppc64le",
                  "product_id": "runc-4:1.2.9-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_0?arch=ppc64le\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
                "product": {
                  "name": "runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
                  "product_id": "runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_0?arch=ppc64le\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
                "product": {
                  "name": "runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
                  "product_id": "runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_0?arch=ppc64le\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-catatonit@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-gvproxy@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-plugins@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-remote@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-tests@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-debugsource@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-debuginfo@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                "product": {
                  "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_id": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.2.0-6.el9_0.6?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
                "product": {
                  "name": "skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
                  "product_id": "skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo@1.8.0-4.1.el9_0.2?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
                "product": {
                  "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
                  "product_id": "skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-tests@1.8.0-4.1.el9_0.2?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
                "product": {
                  "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
                  "product_id": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-debugsource@1.8.0-4.1.el9_0.2?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
                "product": {
                  "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
                  "product_id": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-debuginfo@1.8.0-4.1.el9_0.2?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-0:1.14.3-1.el9_0.ppc64le",
                "product": {
                  "name": "crun-0:1.14.3-1.el9_0.ppc64le",
                  "product_id": "crun-0:1.14.3-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun@1.14.3-1.el9_0?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
                "product": {
                  "name": "crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
                  "product_id": "crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun-debugsource@1.14.3-1.el9_0?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
                "product": {
                  "name": "crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
                  "product_id": "crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun-debuginfo@1.14.3-1.el9_0?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "buildah-1:1.26.9-1.el9_0.3.x86_64",
                "product": {
                  "name": "buildah-1:1.26.9-1.el9_0.3.x86_64",
                  "product_id": "buildah-1:1.26.9-1.el9_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah@1.26.9-1.el9_0.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
                "product": {
                  "name": "buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
                  "product_id": "buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-tests@1.26.9-1.el9_0.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
                "product": {
                  "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
                  "product_id": "buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-debugsource@1.26.9-1.el9_0.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
                "product": {
                  "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
                  "product_id": "buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-debuginfo@1.26.9-1.el9_0.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
                "product": {
                  "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
                  "product_id": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.26.9-1.el9_0.3?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-4:1.2.9-1.el9_0.x86_64",
                "product": {
                  "name": "runc-4:1.2.9-1.el9_0.x86_64",
                  "product_id": "runc-4:1.2.9-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_0?arch=x86_64\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-4:1.2.9-1.el9_0.x86_64",
                "product": {
                  "name": "runc-debugsource-4:1.2.9-1.el9_0.x86_64",
                  "product_id": "runc-debugsource-4:1.2.9-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_0?arch=x86_64\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
                "product": {
                  "name": "runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
                  "product_id": "runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_0?arch=x86_64\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-catatonit@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-gvproxy@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-plugins@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-remote-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-remote-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-remote@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-tests-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-tests-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-tests-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-tests@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-debugsource@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-debuginfo@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                "product": {
                  "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_id": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.2.0-6.el9_0.6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
                "product": {
                  "name": "skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
                  "product_id": "skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo@1.8.0-4.1.el9_0.2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64",
                "product": {
                  "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64",
                  "product_id": "skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-tests@1.8.0-4.1.el9_0.2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
                "product": {
                  "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
                  "product_id": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-debugsource@1.8.0-4.1.el9_0.2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
                "product": {
                  "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
                  "product_id": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-debuginfo@1.8.0-4.1.el9_0.2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-0:1.14.3-1.el9_0.x86_64",
                "product": {
                  "name": "crun-0:1.14.3-1.el9_0.x86_64",
                  "product_id": "crun-0:1.14.3-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun@1.14.3-1.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-debugsource-0:1.14.3-1.el9_0.x86_64",
                "product": {
                  "name": "crun-debugsource-0:1.14.3-1.el9_0.x86_64",
                  "product_id": "crun-debugsource-0:1.14.3-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun-debugsource@1.14.3-1.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
                "product": {
                  "name": "crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
                  "product_id": "crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun-debuginfo@1.14.3-1.el9_0?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "buildah-1:1.26.9-1.el9_0.3.s390x",
                "product": {
                  "name": "buildah-1:1.26.9-1.el9_0.3.s390x",
                  "product_id": "buildah-1:1.26.9-1.el9_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah@1.26.9-1.el9_0.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-tests-1:1.26.9-1.el9_0.3.s390x",
                "product": {
                  "name": "buildah-tests-1:1.26.9-1.el9_0.3.s390x",
                  "product_id": "buildah-tests-1:1.26.9-1.el9_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-tests@1.26.9-1.el9_0.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
                "product": {
                  "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
                  "product_id": "buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-debugsource@1.26.9-1.el9_0.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
                "product": {
                  "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
                  "product_id": "buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-debuginfo@1.26.9-1.el9_0.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
                "product": {
                  "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
                  "product_id": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.26.9-1.el9_0.3?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-4:1.2.9-1.el9_0.s390x",
                "product": {
                  "name": "runc-4:1.2.9-1.el9_0.s390x",
                  "product_id": "runc-4:1.2.9-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.2.9-1.el9_0?arch=s390x\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-4:1.2.9-1.el9_0.s390x",
                "product": {
                  "name": "runc-debugsource-4:1.2.9-1.el9_0.s390x",
                  "product_id": "runc-debugsource-4:1.2.9-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-1.el9_0?arch=s390x\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-4:1.2.9-1.el9_0.s390x",
                "product": {
                  "name": "runc-debuginfo-4:1.2.9-1.el9_0.s390x",
                  "product_id": "runc-debuginfo-4:1.2.9-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-1.el9_0?arch=s390x\u0026epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-catatonit@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-gvproxy@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-plugins-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-plugins-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-plugins-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-plugins@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-remote-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-remote-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-remote@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-tests-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-tests-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-tests-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-tests@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-debugsource@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-debuginfo@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                "product": {
                  "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_id": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.2.0-6.el9_0.6?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-2:1.8.0-4.1.el9_0.2.s390x",
                "product": {
                  "name": "skopeo-2:1.8.0-4.1.el9_0.2.s390x",
                  "product_id": "skopeo-2:1.8.0-4.1.el9_0.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo@1.8.0-4.1.el9_0.2?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
                "product": {
                  "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
                  "product_id": "skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-tests@1.8.0-4.1.el9_0.2?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
                "product": {
                  "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
                  "product_id": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-debugsource@1.8.0-4.1.el9_0.2?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
                "product": {
                  "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
                  "product_id": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/skopeo-debuginfo@1.8.0-4.1.el9_0.2?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-0:1.14.3-1.el9_0.s390x",
                "product": {
                  "name": "crun-0:1.14.3-1.el9_0.s390x",
                  "product_id": "crun-0:1.14.3-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun@1.14.3-1.el9_0?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-debugsource-0:1.14.3-1.el9_0.s390x",
                "product": {
                  "name": "crun-debugsource-0:1.14.3-1.el9_0.s390x",
                  "product_id": "crun-debugsource-0:1.14.3-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun-debugsource@1.14.3-1.el9_0?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "crun-debuginfo-0:1.14.3-1.el9_0.s390x",
                "product": {
                  "name": "crun-debuginfo-0:1.14.3-1.el9_0.s390x",
                  "product_id": "crun-debuginfo-0:1.14.3-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/crun-debuginfo@1.14.3-1.el9_0?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "podman-docker-2:4.2.0-6.el9_0.6.noarch",
                "product": {
                  "name": "podman-docker-2:4.2.0-6.el9_0.6.noarch",
                  "product_id": "podman-docker-2:4.2.0-6.el9_0.6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/podman-docker@4.2.0-6.el9_0.6?arch=noarch\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-1:1.26.9-1.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64"
        },
        "product_reference": "buildah-1:1.26.9-1.el9_0.3.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-1:1.26.9-1.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le"
        },
        "product_reference": "buildah-1:1.26.9-1.el9_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-1:1.26.9-1.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x"
        },
        "product_reference": "buildah-1:1.26.9-1.el9_0.3.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-1:1.26.9-1.el9_0.3.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src"
        },
        "product_reference": "buildah-1:1.26.9-1.el9_0.3.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-1:1.26.9-1.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64"
        },
        "product_reference": "buildah-1:1.26.9-1.el9_0.3.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64"
        },
        "product_reference": "buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le"
        },
        "product_reference": "buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x"
        },
        "product_reference": "buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64"
        },
        "product_reference": "buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64"
        },
        "product_reference": "buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le"
        },
        "product_reference": "buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x"
        },
        "product_reference": "buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64"
        },
        "product_reference": "buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-tests-1:1.26.9-1.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64"
        },
        "product_reference": "buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-tests-1:1.26.9-1.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le"
        },
        "product_reference": "buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-tests-1:1.26.9-1.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x"
        },
        "product_reference": "buildah-tests-1:1.26.9-1.el9_0.3.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-tests-1:1.26.9-1.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64"
        },
        "product_reference": "buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64"
        },
        "product_reference": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le"
        },
        "product_reference": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x"
        },
        "product_reference": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64"
        },
        "product_reference": "buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-0:1.14.3-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64"
        },
        "product_reference": "crun-0:1.14.3-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-0:1.14.3-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le"
        },
        "product_reference": "crun-0:1.14.3-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-0:1.14.3-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x"
        },
        "product_reference": "crun-0:1.14.3-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-0:1.14.3-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src"
        },
        "product_reference": "crun-0:1.14.3-1.el9_0.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-0:1.14.3-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64"
        },
        "product_reference": "crun-0:1.14.3-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-debuginfo-0:1.14.3-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64"
        },
        "product_reference": "crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-debuginfo-0:1.14.3-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le"
        },
        "product_reference": "crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-debuginfo-0:1.14.3-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x"
        },
        "product_reference": "crun-debuginfo-0:1.14.3-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-debuginfo-0:1.14.3-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64"
        },
        "product_reference": "crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-debugsource-0:1.14.3-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64"
        },
        "product_reference": "crun-debugsource-0:1.14.3-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-debugsource-0:1.14.3-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le"
        },
        "product_reference": "crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-debugsource-0:1.14.3-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x"
        },
        "product_reference": "crun-debugsource-0:1.14.3-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "crun-debugsource-0:1.14.3-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64"
        },
        "product_reference": "crun-debugsource-0:1.14.3-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-2:4.2.0-6.el9_0.6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src"
        },
        "product_reference": "podman-2:4.2.0-6.el9_0.6.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-catatonit-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-catatonit-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-catatonit-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-debugsource-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-debugsource-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-debugsource-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-docker-2:4.2.0-6.el9_0.6.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch"
        },
        "product_reference": "podman-docker-2:4.2.0-6.el9_0.6.noarch",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-plugins-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-plugins-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-plugins-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-plugins-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-plugins-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-remote-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-remote-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-remote-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-tests-2:4.2.0-6.el9_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64"
        },
        "product_reference": "podman-tests-2:4.2.0-6.el9_0.6.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-tests-2:4.2.0-6.el9_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le"
        },
        "product_reference": "podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-tests-2:4.2.0-6.el9_0.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x"
        },
        "product_reference": "podman-tests-2:4.2.0-6.el9_0.6.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-tests-2:4.2.0-6.el9_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64"
        },
        "product_reference": "podman-tests-2:4.2.0-6.el9_0.6.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-4:1.2.9-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64"
        },
        "product_reference": "runc-4:1.2.9-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-4:1.2.9-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le"
        },
        "product_reference": "runc-4:1.2.9-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-4:1.2.9-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x"
        },
        "product_reference": "runc-4:1.2.9-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-4:1.2.9-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src"
        },
        "product_reference": "runc-4:1.2.9-1.el9_0.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-4:1.2.9-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64"
        },
        "product_reference": "runc-4:1.2.9-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-4:1.2.9-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64"
        },
        "product_reference": "runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-4:1.2.9-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le"
        },
        "product_reference": "runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-4:1.2.9-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x"
        },
        "product_reference": "runc-debuginfo-4:1.2.9-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-4:1.2.9-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64"
        },
        "product_reference": "runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-4:1.2.9-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64"
        },
        "product_reference": "runc-debugsource-4:1.2.9-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-4:1.2.9-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le"
        },
        "product_reference": "runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-4:1.2.9-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x"
        },
        "product_reference": "runc-debugsource-4:1.2.9-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-4:1.2.9-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
        },
        "product_reference": "runc-debugsource-4:1.2.9-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-2:1.8.0-4.1.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64"
        },
        "product_reference": "skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-2:1.8.0-4.1.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le"
        },
        "product_reference": "skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-2:1.8.0-4.1.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x"
        },
        "product_reference": "skopeo-2:1.8.0-4.1.el9_0.2.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-2:1.8.0-4.1.el9_0.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src"
        },
        "product_reference": "skopeo-2:1.8.0-4.1.el9_0.2.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-2:1.8.0-4.1.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64"
        },
        "product_reference": "skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64"
        },
        "product_reference": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le"
        },
        "product_reference": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x"
        },
        "product_reference": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64"
        },
        "product_reference": "skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64"
        },
        "product_reference": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le"
        },
        "product_reference": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x"
        },
        "product_reference": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64"
        },
        "product_reference": "skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64"
        },
        "product_reference": "skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le"
        },
        "product_reference": "skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x"
        },
        "product_reference": "skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "product_id": "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
        },
        "product_reference": "skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:17:18.235000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404705"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container\u0027s /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404705",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404705"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-31133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"
        }
      ],
      "release_date": "2025-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T15:24:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8325"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix\nDAC and thus user namespaces stop a container process from being able to write to them.\n\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n\n* Depending on the maskedPath configuration (the default configuratio nonly masks paths in /proc and /sys), using an AppArmor that blocks unexpectedwrites to any maskedPaths (as is the case with the defaultprofile used by Docker and Podman) will block attempts to exploit this issue. However, CVE-2025-52881 allows an attacker to bypass LSMlabels, and so this mitigation is not helpful when considered incombination with CVE-2025-52881.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions"
    },
    {
      "cve": "CVE-2025-47913",
      "discovery_date": "2025-11-13T22:01:26.092452+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2414943"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-47913"
        },
        {
          "category": "external",
          "summary": "RHBZ#2414943",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
          "url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/700295",
          "url": "https://go.dev/cl/700295"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/75178",
          "url": "https://go.dev/issue/75178"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4116",
          "url": "https://pkg.go.dev/vuln/GO-2025-4116"
        }
      ],
      "release_date": "2025-11-13T21:29:39.907000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T15:24:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8325"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
    },
    {
      "cve": "CVE-2025-52565",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:19:18.653000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404708"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: container escape with malicious config due to /dev/console mount and related races",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404708",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
        }
      ],
      "release_date": "2025-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T15:24:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8325"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: container escape with malicious config due to /dev/console mount and related races"
    },
    {
      "cve": "CVE-2025-52881",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:19:18.652000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404715"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404715",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/selinux/pull/237",
          "url": "https://github.com/opencontainers/selinux/pull/237"
        }
      ],
      "release_date": "2025-11-05T09:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T15:24:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8325"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
    },
    {
      "cve": "CVE-2025-58183",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-10-29T23:01:50.573951+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2407258"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "RHBZ#2407258",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/709861",
          "url": "https://go.dev/cl/709861"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/75677",
          "url": "https://go.dev/issue/75677"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
          "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4014",
          "url": "https://pkg.go.dev/vuln/GO-2025-4014"
        }
      ],
      "release_date": "2025-10-29T22:10:14.376000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T15:24:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8325"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
    },
    {
      "cve": "CVE-2025-65637",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-12-04T19:00:54.313916+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418900"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go\u2019s internal bufio.Scanner, the read operation fails with a \u201ctoken too long\u201d error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is categorized as Moderate because its impact is limited to the logging subsystem and requires a specific, non-default usage pattern to trigger\u2014namely, sending a single unbounded line exceeding 64KB through Entry.Writer(). Most Logrus deployments do not expose this interface directly to attacker-controlled input, which raises the attack complexity and reduces realistic exploitability. Additionally, the flaw does not affect confidentiality or integrity, nor does it allow code execution or privilege escalation. The failure results in a controlled degradation of availability (logging becoming non-functional), rather than a broader application outage or systemic compromise. These constrained conditions and limited real-world impact justify treating the issue as moderate rather than important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
          "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
          "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
          "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
          "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
          "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
          "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
          "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
          "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-65637"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418900",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418900"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-65637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65637",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65637"
        },
        {
          "category": "external",
          "summary": "https://github.com/mjuanxd/logrus-dos-poc",
          "url": "https://github.com/mjuanxd/logrus-dos-poc"
        },
        {
          "category": "external",
          "summary": "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md",
          "url": "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md"
        },
        {
          "category": "external",
          "summary": "https://github.com/sirupsen/logrus/issues/1370",
          "url": "https://github.com/sirupsen/logrus/issues/1370"
        },
        {
          "category": "external",
          "summary": "https://github.com/sirupsen/logrus/pull/1376",
          "url": "https://github.com/sirupsen/logrus/pull/1376"
        },
        {
          "category": "external",
          "summary": "https://github.com/sirupsen/logrus/releases/tag/v1.8.3",
          "url": "https://github.com/sirupsen/logrus/releases/tag/v1.8.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/sirupsen/logrus/releases/tag/v1.9.1",
          "url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.1"
        },
        {
          "category": "external",
          "summary": "https://github.com/sirupsen/logrus/releases/tag/v1.9.3",
          "url": "https://github.com/sirupsen/logrus/releases/tag/v1.9.3"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391",
          "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391"
        }
      ],
      "release_date": "2025-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T15:24:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8325"
        },
        {
          "category": "workaround",
          "details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.src",
            "AppStream-9.0.0.Z.E4S:buildah-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-debugsource-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.aarch64",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.ppc64le",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.s390x",
            "AppStream-9.0.0.Z.E4S:buildah-tests-debuginfo-1:1.26.9-1.el9_0.3.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:crun-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debuginfo-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:crun-debugsource-0:1.14.3-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.src",
            "AppStream-9.0.0.Z.E4S:podman-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-catatonit-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-debugsource-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-docker-2:4.2.0-6.el9_0.6.noarch",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-gvproxy-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-plugins-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-remote-debuginfo-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.aarch64",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.ppc64le",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.s390x",
            "AppStream-9.0.0.Z.E4S:podman-tests-2:4.2.0-6.el9_0.6.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.src",
            "AppStream-9.0.0.Z.E4S:runc-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debuginfo-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.s390x",
            "AppStream-9.0.0.Z.E4S:runc-debugsource-4:1.2.9-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.src",
            "AppStream-9.0.0.Z.E4S:skopeo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debuginfo-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-debugsource-2:1.8.0-4.1.el9_0.2.x86_64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.aarch64",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.ppc64le",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.s390x",
            "AppStream-9.0.0.Z.E4S:skopeo-tests-2:1.8.0-4.1.el9_0.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload"
    }
  ]
}

RHSA-2026:8433

Vulnerability from csaf_redhat - Published: 2026-04-16 10:06 - Updated: 2026-06-25 11:18

Summary

Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update

Severity

Important

Notes

Topic: An updated OpenShift Compliance Operator image that fixes various bugs and adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.

Details: The OpenShift Compliance Operator v1.9.0 is now available. See the documentation for bug fix information: https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/compliance-operator#compliance-operator-release-notes

CVE-2025-52881

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64	—	Vendor Fix fix Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x	—	Vendor Fix fix Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64	—	Vendor Fix fix Workaround

Known not affected 13 products

Product	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64	—	Workaround

Threats

Impact Important

CVE-2025-61726

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64		—	Vendor Fix fix Workaround

Known not affected 16 products

Product	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64	—	Workaround

Threats

Impact Important

CVE-2025-61729

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1050 - Excessive Platform Resource Consumption within a Loop

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64		—

Threats

Impact Important

CVE-2025-68121

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64		—	Vendor Fix fix

Known not affected 16 products

Product	Identifier	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le		—
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64		—

Threats

Impact Moderate

CVE-2026-4645

A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64	—	Vendor Fix fix Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64	—	Vendor Fix fix Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x	—	Vendor Fix fix Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64	—	Vendor Fix fix Workaround

Known not affected 12 products

Product	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64	—	Workaround

Threats

Impact Important

CVE-2026-25679

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64		—	Vendor Fix fix Workaround

Known not affected 16 products

Product	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64	—	Workaround

Threats

Impact Important

CVE-2026-33186

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-551 - Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64		—	Vendor Fix fix Workaround

Known not affected 16 products

Product	Version	Remediation
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le	—	Workaround
Unresolved product id: OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64	—	Workaround

Threats

Impact Important

References

55 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:8433	self
https://access.redhat.com/security/cve/CVE-2025-52881	external
https://access.redhat.com/security/cve/CVE-2025-61726	external
https://access.redhat.com/security/cve/CVE-2025-61729	external
https://access.redhat.com/security/cve/CVE-2025-68121	external
https://access.redhat.com/security/cve/CVE-2026-25679	external
https://access.redhat.com/security/cve/CVE-2026-33186	external
https://access.redhat.com/security/cve/CVE-2026-4645	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-52881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2404715	external
https://www.cve.org/CVERecord?id=CVE-2025-52881	external
https://nvd.nist.gov/vuln/detail/CVE-2025-52881	external
https://github.com/opencontainers/runc/security/a…	external
https://github.com/opencontainers/selinux/pull/237	external
https://access.redhat.com/security/cve/CVE-2025-61726	self
https://bugzilla.redhat.com/show_bug.cgi?id=2434432	external
https://www.cve.org/CVERecord?id=CVE-2025-61726	external
https://nvd.nist.gov/vuln/detail/CVE-2025-61726	external
https://go.dev/cl/736712	external
https://go.dev/issue/77101	external
https://groups.google.com/g/golang-announce/c/Vd2…	external
https://pkg.go.dev/vuln/GO-2026-4341	external
https://access.redhat.com/security/cve/CVE-2025-61729	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418462	external
https://www.cve.org/CVERecord?id=CVE-2025-61729	external
https://nvd.nist.gov/vuln/detail/CVE-2025-61729	external
https://go.dev/cl/725920	external
https://go.dev/issue/76445	external
https://groups.google.com/g/golang-announce/c/8FJ…	external
https://pkg.go.dev/vuln/GO-2025-4155	external
https://access.redhat.com/security/cve/CVE-2025-68121	self
https://bugzilla.redhat.com/show_bug.cgi?id=2437111	external
https://www.cve.org/CVERecord?id=CVE-2025-68121	external
https://nvd.nist.gov/vuln/detail/CVE-2025-68121	external
https://go.dev/cl/737700	external
https://go.dev/issue/77217	external
https://groups.google.com/g/golang-announce/c/K09…	external
https://pkg.go.dev/vuln/GO-2026-4337	external
https://access.redhat.com/security/cve/CVE-2026-4645	self
https://www.cve.org/CVERecord?id=CVE-2026-4645	external
https://access.redhat.com/security/cve/CVE-2026-25679	self
https://bugzilla.redhat.com/show_bug.cgi?id=2445356	external
https://www.cve.org/CVERecord?id=CVE-2026-25679	external
https://nvd.nist.gov/vuln/detail/CVE-2026-25679	external
https://go.dev/cl/752180	external
https://go.dev/issue/77578	external
https://groups.google.com/g/golang-announce/c/Edh…	external
https://pkg.go.dev/vuln/GO-2026-4601	external
https://access.redhat.com/security/cve/CVE-2026-33186	self
https://bugzilla.redhat.com/show_bug.cgi?id=2449833	external
https://www.cve.org/CVERecord?id=CVE-2026-33186	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33186	external
https://github.com/grpc/grpc-go/security/advisori…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated OpenShift Compliance Operator image that fixes various bugs and adds new\nenhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The OpenShift Compliance Operator v1.9.0 is now available.\nSee the documentation for bug fix information:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/compliance-operator#compliance-operator-release-notes",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:8433",
        "url": "https://access.redhat.com/errata/RHSA-2026:8433"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
        "url": "https://access.redhat.com/security/cve/CVE-2025-52881"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
        "url": "https://access.redhat.com/security/cve/CVE-2025-68121"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
        "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4645",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4645"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8433.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T11:18:34+00:00",
      "generator": {
        "date": "2026-06-25T11:18:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.1.0"
        }
      },
      "id": "RHSA-2026:8433",
      "initial_release_date": "2026-04-16T10:06:55+00:00",
      "revision_history": [
        {
          "date": "2026-04-16T10:06:55+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-16T10:07:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T11:18:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Compliance Operator 1",
                "product": {
                  "name": "OpenShift Compliance Operator 1",
                  "product_id": "OpenShift Compliance Operator 1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_compliance_operator:1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Compliance Operator"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-operator-bundle@sha256%3Ae2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776237332"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776170256"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3Ab6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1775641344"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3A9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1775641480"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3A45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776235578"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089?arch=arm64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776170256"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb?arch=arm64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1775641344"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3Aee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62?arch=arm64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1775641480"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3Aff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487?arch=arm64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776235578"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3Aa80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776170256"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1775641344"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3A62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1775641480"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3Af3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776235578"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-content-rhel8@sha256%3A1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac?arch=s390x\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776170256"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-must-gather-rhel8@sha256%3A2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139?arch=s390x\u0026repository_url=registry.redhat.io/compliance\u0026tag=1775641344"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-openscap-rhel8@sha256%3Ae0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7?arch=s390x\u0026repository_url=registry.redhat.io/compliance\u0026tag=1775641480"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
                "product": {
                  "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
                  "product_id": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-compliance-rhel8-operator@sha256%3Ab1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539?arch=s390x\u0026repository_url=registry.redhat.io/compliance\u0026tag=1776235578"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64 as a component of OpenShift Compliance Operator 1",
          "product_id": "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
        },
        "product_reference": "registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64",
        "relates_to_product_reference": "OpenShift Compliance Operator 1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-52881",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2025-10-17T14:19:18.652000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404715"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64"
        ],
        "known_not_affected": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404715",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/selinux/pull/237",
          "url": "https://github.com/opencontainers/selinux/pull/237"
        }
      ],
      "release_date": "2025-11-05T09:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:06:55+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n  \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8433"
        },
        {
          "category": "workaround",
          "details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
    },
    {
      "cve": "CVE-2025-61726",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-28T20:01:42.791305+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2434432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
        ],
        "known_not_affected": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "RHBZ#2434432",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/736712",
          "url": "https://go.dev/cl/736712"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77101",
          "url": "https://go.dev/issue/77101"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4341",
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "release_date": "2026-01-28T19:30:31.215000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:06:55+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n  \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8433"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "cve": "CVE-2025-61729",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-12-02T20:01:45.330964+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
        ],
        "known_not_affected": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/725920",
          "url": "https://go.dev/cl/725920"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76445",
          "url": "https://go.dev/issue/76445"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4155",
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "release_date": "2025-12-02T18:54:10.166000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:06:55+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n  \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8433"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "cve": "CVE-2025-68121",
      "discovery_date": "2026-02-05T18:01:30.086058+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2437111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
        ],
        "known_not_affected": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "RHBZ#2437111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/737700",
          "url": "https://go.dev/cl/737700"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77217",
          "url": "https://go.dev/issue/77217"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4337",
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "release_date": "2026-02-05T17:48:44.141000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:06:55+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n  \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8433"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "cve": "CVE-2026-4645",
      "discovery_date": "2026-03-23T06:02:52.120840+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64"
          ]
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "other",
          "text": "A denial of service vulnerability was discovered in `github.com/antchfx/xpath`, with Important severity. Systems processing untrusted XPath expressions are vulnerable to an infinite loop, leading to 100% CPU utilization which would impact normal operations of the system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
        ],
        "known_not_affected": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4645"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4645"
        }
      ],
      "release_date": "2026-03-17T20:58:59+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:06:55+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n  \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8433"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, restrict the processing of untrusted or unvalidated XPath expressions by applications which utilize the `github.com/antchfx/xpath` component. Implement input validation and sanitization for all XPath expressions originating from external or untrusted sources. If possible, configure applications to only process XPath expressions from trusted sources or disable features that allow arbitrary XPath expression evaluation.",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/antchfx/xpath: xpath: Denial of Service via crafted Boolean XPath expressions"
    },
    {
      "cve": "CVE-2026-25679",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-03-06T22:02:11.567841+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
        ],
        "known_not_affected": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/752180",
          "url": "https://go.dev/cl/752180"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77578",
          "url": "https://go.dev/issue/77578"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4601",
          "url": "https://pkg.go.dev/vuln/GO-2026-4601"
        }
      ],
      "release_date": "2026-03-06T21:28:14.211000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:06:55+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n  \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8433"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "cve": "CVE-2026-33186",
      "cwe": {
        "id": "CWE-551",
        "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
      },
      "discovery_date": "2026-03-20T23:02:27.802640+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449833"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
        ],
        "known_not_affected": [
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
          "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449833",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
          "url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
        }
      ],
      "release_date": "2026-03-20T22:23:32.147000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:06:55+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n  \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8433"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
          "product_ids": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62_arm64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb_amd64",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539_s390x",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a_ppc64le",
            "OpenShift Compliance Operator 1:registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
    }
  ]
}

SUSE-SU-2025:21036-1

Vulnerability from csaf_suse - Published: 2025-11-10 14:45 - Updated: 2025-11-10 14:45

Summary

Security update for runc

Severity

Important

Notes

Title of the patch: Security update for runc

Patchnames: SUSE-SLE-Micro-6.0-512

CVE-2025-31133

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52881

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1252110	self
https://bugzilla.suse.com/1252232	self
https://www.suse.com/security/cve/CVE-2025-31133/	self
https://www.suse.com/security/cve/CVE-2025-52565/	self
https://www.suse.com/security/cve/CVE-2025-52881/	self
https://www.suse.com/security/cve/CVE-2025-31133	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52565	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52881	external
https://bugzilla.suse.com/1252232	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.3.3. Upstream changelog is available from\n\u003chttps://github.com/opencontainers/runc/releases/tag/v1.3.3\u003e. bsc#1252232\n  * CVE-2025-31133\n  * CVE-2025-52565\n  * CVE-2025-52881\n\nUpdate to runc v1.3.2. Upstream changelog is available from\n\u003chttps://github.com/opencontainers/runc/releases/tag/v1.3.2\u003e bsc#1252110\n\n- Includes an important fix for the CPUSet translation for cgroupv2.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.0-512",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21036-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:21036-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521036-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:21036-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023397.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252110",
        "url": "https://bugzilla.suse.com/1252110"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-10T14:45:27Z",
      "generator": {
        "date": "2025-11-10T14:45:27Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:21036-1",
      "initial_release_date": "2025-11-10T14:45:27Z",
      "revision_history": [
        {
          "date": "2025-11-10T14:45:27Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-1.1.aarch64",
                "product": {
                  "name": "runc-1.3.3-1.1.aarch64",
                  "product_id": "runc-1.3.3-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-1.1.s390x",
                "product": {
                  "name": "runc-1.3.3-1.1.s390x",
                  "product_id": "runc-1.3.3-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-1.1.x86_64",
                "product": {
                  "name": "runc-1.3.3-1.1.x86_64",
                  "product_id": "runc-1.3.3-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.0",
                "product": {
                  "name": "SUSE Linux Micro 6.0",
                  "product_id": "SUSE Linux Micro 6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-1.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64"
        },
        "product_reference": "runc-1.3.3-1.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-1.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x"
        },
        "product_reference": "runc-1.3.3-1.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-1.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
        },
        "product_reference": "runc-1.3.3-1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack:  an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:45:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:45:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
          "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.aarch64",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.s390x",
            "SUSE Linux Micro 6.0:runc-1.3.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:45:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

SUSE-SU-2025:21038-1

Vulnerability from csaf_suse - Published: 2025-11-10 14:47 - Updated: 2025-11-10 14:47

Summary

Security update for podman

Severity

Moderate

Notes

Title of the patch: Security update for podman

Description of the patch: This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed various container breakouts (bsc#1252376): - Fixed podman & buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)

Patchnames: SUSE-SLE-Micro-6.0-513

CVE-2025-31133

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52881

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64	—	Vendor Fix

Threats

Impact important

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1252376	self
https://bugzilla.suse.com/1252543	self
https://www.suse.com/security/cve/CVE-2025-31133/	self
https://www.suse.com/security/cve/CVE-2025-52565/	self
https://www.suse.com/security/cve/CVE-2025-52881/	self
https://www.suse.com/security/cve/CVE-2025-31133	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52565	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52881	external
https://bugzilla.suse.com/1252232	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for podman",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for podman fixes the following issues:\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed various container breakouts (bsc#1252376):\n- Fixed podman \u0026 buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.0-513",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21038-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:21038-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521038-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:21038-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023395.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252376",
        "url": "https://bugzilla.suse.com/1252376"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252543",
        "url": "https://bugzilla.suse.com/1252543"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for podman",
    "tracking": {
      "current_release_date": "2025-11-10T14:47:12Z",
      "generator": {
        "date": "2025-11-10T14:47:12Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:21038-1",
      "initial_release_date": "2025-11-10T14:47:12Z",
      "revision_history": [
        {
          "date": "2025-11-10T14:47:12Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "podman-4.9.5-9.1.aarch64",
                "product": {
                  "name": "podman-4.9.5-9.1.aarch64",
                  "product_id": "podman-4.9.5-9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-4.9.5-9.1.aarch64",
                "product": {
                  "name": "podman-remote-4.9.5-9.1.aarch64",
                  "product_id": "podman-remote-4.9.5-9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "podmansh-4.9.5-9.1.aarch64",
                "product": {
                  "name": "podmansh-4.9.5-9.1.aarch64",
                  "product_id": "podmansh-4.9.5-9.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "podman-docker-4.9.5-9.1.noarch",
                "product": {
                  "name": "podman-docker-4.9.5-9.1.noarch",
                  "product_id": "podman-docker-4.9.5-9.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "podman-4.9.5-9.1.s390x",
                "product": {
                  "name": "podman-4.9.5-9.1.s390x",
                  "product_id": "podman-4.9.5-9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-4.9.5-9.1.s390x",
                "product": {
                  "name": "podman-remote-4.9.5-9.1.s390x",
                  "product_id": "podman-remote-4.9.5-9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "podmansh-4.9.5-9.1.s390x",
                "product": {
                  "name": "podmansh-4.9.5-9.1.s390x",
                  "product_id": "podmansh-4.9.5-9.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "podman-4.9.5-9.1.x86_64",
                "product": {
                  "name": "podman-4.9.5-9.1.x86_64",
                  "product_id": "podman-4.9.5-9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "podman-remote-4.9.5-9.1.x86_64",
                "product": {
                  "name": "podman-remote-4.9.5-9.1.x86_64",
                  "product_id": "podman-remote-4.9.5-9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "podmansh-4.9.5-9.1.x86_64",
                "product": {
                  "name": "podmansh-4.9.5-9.1.x86_64",
                  "product_id": "podmansh-4.9.5-9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.0",
                "product": {
                  "name": "SUSE Linux Micro 6.0",
                  "product_id": "SUSE Linux Micro 6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-4.9.5-9.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64"
        },
        "product_reference": "podman-4.9.5-9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-4.9.5-9.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x"
        },
        "product_reference": "podman-4.9.5-9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-4.9.5-9.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64"
        },
        "product_reference": "podman-4.9.5-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-docker-4.9.5-9.1.noarch as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch"
        },
        "product_reference": "podman-docker-4.9.5-9.1.noarch",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-4.9.5-9.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64"
        },
        "product_reference": "podman-remote-4.9.5-9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-4.9.5-9.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x"
        },
        "product_reference": "podman-remote-4.9.5-9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podman-remote-4.9.5-9.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64"
        },
        "product_reference": "podman-remote-4.9.5-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podmansh-4.9.5-9.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64"
        },
        "product_reference": "podmansh-4.9.5-9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podmansh-4.9.5-9.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x"
        },
        "product_reference": "podmansh-4.9.5-9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "podmansh-4.9.5-9.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
        },
        "product_reference": "podmansh-4.9.5-9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack:  an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
          "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:47:12Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
          "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:47:12Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
          "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
          "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podman-docker-4.9.5-9.1.noarch",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podman-remote-4.9.5-9.1.x86_64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.aarch64",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.s390x",
            "SUSE Linux Micro 6.0:podmansh-4.9.5-9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:47:12Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

SUSE-SU-2025:21054-1

Vulnerability from csaf_suse - Published: 2025-11-10 14:24 - Updated: 2025-11-10 14:24

Summary

Security update for runc

Severity

Important

Notes

Title of the patch: Security update for runc

Description of the patch: This update for runc fixes the following issues: - Update to runc v1.3.3. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 - Update to runc v1.3.2. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2.

Patchnames: SUSE-SLE-Micro-6.1-333

CVE-2025-31133

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52881

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1252110	self
https://bugzilla.suse.com/1252232	self
https://www.suse.com/security/cve/CVE-2025-31133/	self
https://www.suse.com/security/cve/CVE-2025-52565/	self
https://www.suse.com/security/cve/CVE-2025-52881/	self
https://www.suse.com/security/cve/CVE-2025-31133	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52565	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52881	external
https://bugzilla.suse.com/1252232	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\n- Update to runc v1.3.3. Upstream changelog is available from\n  \u003chttps://github.com/opencontainers/runc/releases/tag/v1.3.3\u003e. bsc#1252232\n  * CVE-2025-31133\n  * CVE-2025-52565\n  * CVE-2025-52881\n\n- Update to runc v1.3.2. Upstream changelog is available from\n  \u003chttps://github.com/opencontainers/runc/releases/tag/v1.3.2\u003e bsc#1252110\n  - Includes an important fix for the CPUSet translation for cgroupv2.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.1-333",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21054-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:21054-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521054-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:21054-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023420.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252110",
        "url": "https://bugzilla.suse.com/1252110"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-10T14:24:22Z",
      "generator": {
        "date": "2025-11-10T14:24:22Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:21054-1",
      "initial_release_date": "2025-11-10T14:24:22Z",
      "revision_history": [
        {
          "date": "2025-11-10T14:24:22Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-slfo.1.1_1.1.aarch64",
                "product": {
                  "name": "runc-1.3.3-slfo.1.1_1.1.aarch64",
                  "product_id": "runc-1.3.3-slfo.1.1_1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-slfo.1.1_1.1.ppc64le",
                "product": {
                  "name": "runc-1.3.3-slfo.1.1_1.1.ppc64le",
                  "product_id": "runc-1.3.3-slfo.1.1_1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-slfo.1.1_1.1.s390x",
                "product": {
                  "name": "runc-1.3.3-slfo.1.1_1.1.s390x",
                  "product_id": "runc-1.3.3-slfo.1.1_1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-slfo.1.1_1.1.x86_64",
                "product": {
                  "name": "runc-1.3.3-slfo.1.1_1.1.x86_64",
                  "product_id": "runc-1.3.3-slfo.1.1_1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.1",
                "product": {
                  "name": "SUSE Linux Micro 6.1",
                  "product_id": "SUSE Linux Micro 6.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64"
        },
        "product_reference": "runc-1.3.3-slfo.1.1_1.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-slfo.1.1_1.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x"
        },
        "product_reference": "runc-1.3.3-slfo.1.1_1.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
        },
        "product_reference": "runc-1.3.3-slfo.1.1_1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack:  an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:24:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:24:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
          "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.aarch64",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.ppc64le",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.s390x",
            "SUSE Linux Micro 6.1:runc-1.3.3-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-10T14:24:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

SUSE-SU-2025:21072-1

Vulnerability from csaf_suse - Published: 2025-11-20 16:43 - Updated: 2025-11-20 16:43

Summary

Security update for runc

Severity

Important

Notes

Title of the patch: Security update for runc

Description of the patch: This update for runc fixes the following issues: - Update to runc v1.3.3: * CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252232)

Patchnames: SUSE-SL-Micro-6.2-46

CVE-2025-31133

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52881

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1252110	self
https://bugzilla.suse.com/1252232	self
https://www.suse.com/security/cve/CVE-2025-31133/	self
https://www.suse.com/security/cve/CVE-2025-52565/	self
https://www.suse.com/security/cve/CVE-2025-52881/	self
https://www.suse.com/security/cve/CVE-2025-31133	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52565	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52881	external
https://bugzilla.suse.com/1252232	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\n- Update to runc v1.3.3:\n  * CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing\n    runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252232)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SL-Micro-6.2-46",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21072-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:21072-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521072-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:21072-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023432.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252110",
        "url": "https://bugzilla.suse.com/1252110"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-20T16:43:58Z",
      "generator": {
        "date": "2025-11-20T16:43:58Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:21072-1",
      "initial_release_date": "2025-11-20T16:43:58Z",
      "revision_history": [
        {
          "date": "2025-11-20T16:43:58Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-160000.1.1.aarch64",
                "product": {
                  "name": "runc-1.3.3-160000.1.1.aarch64",
                  "product_id": "runc-1.3.3-160000.1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-160000.1.1.ppc64le",
                "product": {
                  "name": "runc-1.3.3-160000.1.1.ppc64le",
                  "product_id": "runc-1.3.3-160000.1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-160000.1.1.s390x",
                "product": {
                  "name": "runc-1.3.3-160000.1.1.s390x",
                  "product_id": "runc-1.3.3-160000.1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-160000.1.1.x86_64",
                "product": {
                  "name": "runc-1.3.3-160000.1.1.x86_64",
                  "product_id": "runc-1.3.3-160000.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.2",
                "product": {
                  "name": "SUSE Linux Micro 6.2",
                  "product_id": "SUSE Linux Micro 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:transactional"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64"
        },
        "product_reference": "runc-1.3.3-160000.1.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.ppc64le as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-160000.1.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.s390x as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x"
        },
        "product_reference": "runc-1.3.3-160000.1.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
        },
        "product_reference": "runc-1.3.3-160000.1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack:  an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-20T16:43:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-20T16:43:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Micro 6.2:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-20T16:43:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

SUSE-SU-2025:21136-1

Vulnerability from csaf_suse - Published: 2025-11-20 16:43 - Updated: 2025-11-20 16:43

Summary

Security update for runc

Severity

Important

Notes

Title of the patch: Security update for runc

Patchnames: SUSE-SLES-16.0-46

CVE-2025-31133

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52881

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1252110	self
https://bugzilla.suse.com/1252232	self
https://www.suse.com/security/cve/CVE-2025-31133/	self
https://www.suse.com/security/cve/CVE-2025-52565/	self
https://www.suse.com/security/cve/CVE-2025-52881/	self
https://www.suse.com/security/cve/CVE-2025-31133	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52565	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52881	external
https://bugzilla.suse.com/1252232	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\n- Update to runc v1.3.3:\n  * CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing\n    runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252232)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLES-16.0-46",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21136-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:21136-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521136-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:21136-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023516.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252110",
        "url": "https://bugzilla.suse.com/1252110"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-20T16:43:58Z",
      "generator": {
        "date": "2025-11-20T16:43:58Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:21136-1",
      "initial_release_date": "2025-11-20T16:43:58Z",
      "revision_history": [
        {
          "date": "2025-11-20T16:43:58Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-160000.1.1.aarch64",
                "product": {
                  "name": "runc-1.3.3-160000.1.1.aarch64",
                  "product_id": "runc-1.3.3-160000.1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-160000.1.1.ppc64le",
                "product": {
                  "name": "runc-1.3.3-160000.1.1.ppc64le",
                  "product_id": "runc-1.3.3-160000.1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-160000.1.1.s390x",
                "product": {
                  "name": "runc-1.3.3-160000.1.1.s390x",
                  "product_id": "runc-1.3.3-160000.1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-160000.1.1.x86_64",
                "product": {
                  "name": "runc-1.3.3-160000.1.1.x86_64",
                  "product_id": "runc-1.3.3-160000.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server 16.0",
                  "product_id": "SUSE Linux Enterprise Server 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 16.0",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64"
        },
        "product_reference": "runc-1.3.3-160000.1.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-160000.1.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x"
        },
        "product_reference": "runc-1.3.3-160000.1.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64"
        },
        "product_reference": "runc-1.3.3-160000.1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64"
        },
        "product_reference": "runc-1.3.3-160000.1.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-160000.1.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x"
        },
        "product_reference": "runc-1.3.3-160000.1.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
        },
        "product_reference": "runc-1.3.3-160000.1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack:  an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-20T16:43:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-20T16:43:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:runc-1.3.3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 16.0:runc-1.3.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-20T16:43:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

SUSE-SU-2025:3950-1

Vulnerability from csaf_suse - Published: 2025-11-05 10:22 - Updated: 2025-11-05 10:22

Summary

Security update for runc

Severity

Important

Notes

Title of the patch: Security update for runc

Description of the patch: This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>

Patchnames: SUSE-2025-3950,SUSE-SLE-Micro-5.3-2025-3950,SUSE-SLE-Micro-5.4-2025-3950,SUSE-SLE-Micro-5.5-2025-3950,SUSE-SLE-Module-Basesystem-15-SP7-2025-3950,SUSE-SLE-Module-Containers-15-SP6-2025-3950,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3950,SUSE-SUSE-MicroOS-5.2-2025-3950,SUSE-Storage-7.1-2025-3950,openSUSE-SLE-15.6-2025-3950

CVE-2025-31133

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 55 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 55 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52881

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 55 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64	—	Vendor Fix

Threats

Impact important

References

14 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1252232	self
https://www.suse.com/security/cve/CVE-2025-31133/	self
https://www.suse.com/security/cve/CVE-2025-52565/	self
https://www.suse.com/security/cve/CVE-2025-52881/	self
https://www.suse.com/security/cve/CVE-2025-31133	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52565	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52881	external
https://bugzilla.suse.com/1252232	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\n- CVE-2025-31133: Fixed container escape via \u0027masked path\u0027 abuse due to mount race conditions (bsc#1252232).\n- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).\n- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).\n\nUpdate to runc v1.2.7. \n\n- Upstream changelog is available from \u003chttps://github.com/opencontainers/runc/releases/tag/v1.2.7\u003e\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3950,SUSE-SLE-Micro-5.3-2025-3950,SUSE-SLE-Micro-5.4-2025-3950,SUSE-SLE-Micro-5.5-2025-3950,SUSE-SLE-Module-Basesystem-15-SP7-2025-3950,SUSE-SLE-Module-Containers-15-SP6-2025-3950,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3950,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3950,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3950,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3950,SUSE-SUSE-MicroOS-5.2-2025-3950,SUSE-Storage-7.1-2025-3950,openSUSE-SLE-15.6-2025-3950",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3950-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:3950-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253950-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:3950-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023152.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-05T10:22:48Z",
      "generator": {
        "date": "2025-11-05T10:22:48Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:3950-1",
      "initial_release_date": "2025-11-05T10:22:48Z",
      "revision_history": [
        {
          "date": "2025-11-05T10:22:48Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.aarch64",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.aarch64",
                  "product_id": "runc-1.2.7-150000.80.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.i586",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.i586",
                  "product_id": "runc-1.2.7-150000.80.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.ppc64le",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.ppc64le",
                  "product_id": "runc-1.2.7-150000.80.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.s390x",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.s390x",
                  "product_id": "runc-1.2.7-150000.80.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-150000.80.1.x86_64",
                "product": {
                  "name": "runc-1.2.7-150000.80.1.x86_64",
                  "product_id": "runc-1.2.7-150000.80.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.3",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.3",
                  "product_id": "SUSE Linux Enterprise Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.4",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.4",
                  "product_id": "SUSE Linux Enterprise Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.5",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.5",
                  "product_id": "SUSE Linux Enterprise Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Containers 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Containers 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.2",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.2",
                  "product_id": "SUSE Linux Enterprise Micro 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7.1",
                "product": {
                  "name": "SUSE Enterprise Storage 7.1",
                  "product_id": "SUSE Enterprise Storage 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-150000.80.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x"
        },
        "product_reference": "runc-1.2.7-150000.80.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-150000.80.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
        },
        "product_reference": "runc-1.2.7-150000.80.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:22:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:22:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
          "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:runc-1.2.7-150000.80.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:runc-1.2.7-150000.80.1.x86_64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.aarch64",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.s390x",
            "openSUSE Leap 15.6:runc-1.2.7-150000.80.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:22:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

SUSE-SU-2025:3951-1

Vulnerability from csaf_suse - Published: 2025-11-05 10:23 - Updated: 2025-11-05 10:23

Summary

Security update for runc

Severity

Important

Notes

Title of the patch: Security update for runc

Patchnames: SUSE-2025-3951,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3951,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3951

CVE-2025-31133

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52881

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64	—	Vendor Fix

Threats

Impact important

References

14 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1252232	self
https://www.suse.com/security/cve/CVE-2025-31133/	self
https://www.suse.com/security/cve/CVE-2025-52565/	self
https://www.suse.com/security/cve/CVE-2025-52881/	self
https://www.suse.com/security/cve/CVE-2025-31133	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52565	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52881	external
https://bugzilla.suse.com/1252232	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\n- CVE-2025-31133: Fixed container escape via \u0027masked path\u0027 abuse due to mount race conditions (bsc#1252232).\n- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).\n- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).\n\nUpdate to runc v1.2.7. \n\n- Upstream changelog is available from \u003chttps://github.com/opencontainers/runc/releases/tag/v1.2.7\u003e\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3951,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3951,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3951",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3951-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:3951-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253951-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:3951-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023151.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-05T10:23:31Z",
      "generator": {
        "date": "2025-11-05T10:23:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:3951-1",
      "initial_release_date": "2025-11-05T10:23:31Z",
      "revision_history": [
        {
          "date": "2025-11-05T10:23:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.aarch64",
                "product": {
                  "name": "runc-1.2.7-16.67.1.aarch64",
                  "product_id": "runc-1.2.7-16.67.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.i586",
                "product": {
                  "name": "runc-1.2.7-16.67.1.i586",
                  "product_id": "runc-1.2.7-16.67.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.ppc64le",
                "product": {
                  "name": "runc-1.2.7-16.67.1.ppc64le",
                  "product_id": "runc-1.2.7-16.67.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.s390x",
                "product": {
                  "name": "runc-1.2.7-16.67.1.s390x",
                  "product_id": "runc-1.2.7-16.67.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.2.7-16.67.1.x86_64",
                "product": {
                  "name": "runc-1.2.7-16.67.1.x86_64",
                  "product_id": "runc-1.2.7-16.67.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64"
        },
        "product_reference": "runc-1.2.7-16.67.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le"
        },
        "product_reference": "runc-1.2.7-16.67.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x"
        },
        "product_reference": "runc-1.2.7-16.67.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64"
        },
        "product_reference": "runc-1.2.7-16.67.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.2.7-16.67.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
        },
        "product_reference": "runc-1.2.7-16.67.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:23:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:23:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:runc-1.2.7-16.67.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:runc-1.2.7-16.67.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-05T10:23:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

SUSE-SU-2025:4073-1

Vulnerability from csaf_suse - Published: 2025-11-12 10:34 - Updated: 2025-11-12 10:34

Summary

Security update for runc

Severity

Important

Notes

Title of the patch: Security update for runc

Description of the patch: This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.1> Update to runc v1.3.0. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.0>

Patchnames: SUSE-2025-4073,SUSE-SLE-Micro-5.3-2025-4073,SUSE-SLE-Micro-5.4-2025-4073,SUSE-SLE-Micro-5.5-2025-4073,SUSE-SLE-Module-Basesystem-15-SP7-2025-4073,SUSE-SLE-Module-Containers-15-SP6-2025-4073,SUSE-SUSE-MicroOS-5.2-2025-4073,SUSE-Storage-7.1-2025-4073,openSUSE-SLE-15.6-2025-4073

CVE-2025-31133

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 27 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 27 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-52881

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 27 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64	—	Vendor Fix

Threats

Impact important

References

15 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1252110	self
https://bugzilla.suse.com/1252232	self
https://www.suse.com/security/cve/CVE-2025-31133/	self
https://www.suse.com/security/cve/CVE-2025-52565/	self
https://www.suse.com/security/cve/CVE-2025-52881/	self
https://www.suse.com/security/cve/CVE-2025-31133	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52565	external
https://bugzilla.suse.com/1252232	external
https://www.suse.com/security/cve/CVE-2025-52881	external
https://bugzilla.suse.com/1252232	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for runc fixes the following issues:\n\nUpdate to runc v1.3.3. Upstream changelog is available from\n\n  \u003chttps://github.com/opencontainers/runc/releases/tag/v1.3.3\u003e. bsc#1252232\n\n  * CVE-2025-31133\n  * CVE-2025-52565\n  * CVE-2025-52881\n\nUpdate to runc v1.3.2. Upstream changelog is available from\n\n\u003chttps://github.com/opencontainers/runc/releases/tag/v1.3.2\u003e bsc#1252110\n\n  - Includes an important fix for the CPUSet translation for cgroupv2.\n\nUpdate to runc v1.3.1. Upstream changelog is available from\n\n\u003chttps://github.com/opencontainers/runc/releases/tag/v1.3.1\u003e\n\nUpdate to runc v1.3.0. Upstream changelog is available from\n\n\u003chttps://github.com/opencontainers/runc/releases/tag/v1.3.0\u003e",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-4073,SUSE-SLE-Micro-5.3-2025-4073,SUSE-SLE-Micro-5.4-2025-4073,SUSE-SLE-Micro-5.5-2025-4073,SUSE-SLE-Module-Basesystem-15-SP7-2025-4073,SUSE-SLE-Module-Containers-15-SP6-2025-4073,SUSE-SUSE-MicroOS-5.2-2025-4073,SUSE-Storage-7.1-2025-4073,openSUSE-SLE-15.6-2025-4073",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4073-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:4073-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254073-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:4073-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023265.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252110",
        "url": "https://bugzilla.suse.com/1252110"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252232",
        "url": "https://bugzilla.suse.com/1252232"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52565 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52881/"
      }
    ],
    "title": "Security update for runc",
    "tracking": {
      "current_release_date": "2025-11-12T10:34:42Z",
      "generator": {
        "date": "2025-11-12T10:34:42Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:4073-1",
      "initial_release_date": "2025-11-12T10:34:42Z",
      "revision_history": [
        {
          "date": "2025-11-12T10:34:42Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-150000.85.1.aarch64",
                "product": {
                  "name": "runc-1.3.3-150000.85.1.aarch64",
                  "product_id": "runc-1.3.3-150000.85.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-150000.85.1.i586",
                "product": {
                  "name": "runc-1.3.3-150000.85.1.i586",
                  "product_id": "runc-1.3.3-150000.85.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-150000.85.1.ppc64le",
                "product": {
                  "name": "runc-1.3.3-150000.85.1.ppc64le",
                  "product_id": "runc-1.3.3-150000.85.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-150000.85.1.s390x",
                "product": {
                  "name": "runc-1.3.3-150000.85.1.s390x",
                  "product_id": "runc-1.3.3-150000.85.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "runc-1.3.3-150000.85.1.x86_64",
                "product": {
                  "name": "runc-1.3.3-150000.85.1.x86_64",
                  "product_id": "runc-1.3.3-150000.85.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.3",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.3",
                  "product_id": "SUSE Linux Enterprise Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.4",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.4",
                  "product_id": "SUSE Linux Enterprise Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.5",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.5",
                  "product_id": "SUSE Linux Enterprise Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Containers 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Containers 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.2",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.2",
                  "product_id": "SUSE Linux Enterprise Micro 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7.1",
                "product": {
                  "name": "SUSE Enterprise Storage 7.1",
                  "product_id": "SUSE Enterprise Storage 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x"
        },
        "product_reference": "runc-1.3.3-150000.85.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x"
        },
        "product_reference": "runc-1.3.3-150000.85.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-150000.85.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x"
        },
        "product_reference": "runc-1.3.3-150000.85.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-150000.85.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x"
        },
        "product_reference": "runc-1.3.3-150000.85.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-150000.85.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x"
        },
        "product_reference": "runc-1.3.3-150000.85.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x"
        },
        "product_reference": "runc-1.3.3-150000.85.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.aarch64 as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.x86_64 as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le"
        },
        "product_reference": "runc-1.3.3-150000.85.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x"
        },
        "product_reference": "runc-1.3.3-150000.85.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.3.3-150000.85.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
        },
        "product_reference": "runc-1.3.3-150000.85.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack:  an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31133",
          "url": "https://www.suse.com/security/cve/CVE-2025-31133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-31133",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-12T10:34:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-52565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52565",
          "url": "https://www.suse.com/security/cve/CVE-2025-52565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52565",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-12T10:34:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
          "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52881",
          "url": "https://www.suse.com/security/cve/CVE-2025-52881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252232 for CVE-2025-52881",
          "url": "https://bugzilla.suse.com/1252232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Enterprise Storage 7.1:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:runc-1.3.3-150000.85.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP6:runc-1.3.3-150000.85.1.x86_64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.aarch64",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.ppc64le",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.s390x",
            "openSUSE Leap 15.6:runc-1.3.3-150000.85.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-12T10:34:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-52881"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-52881 (GCVE-0-2025-52881)

Tags

Sightings

Nomenclature