RunC user namespaces and rootless containers mitigation
Advisory/Mitigation
Summary
RunC developers shared mitigation actions for the newly disclosed runC flaws that can let attackers bypass isolation and reach the host system. The core recommendation is to activate user namespaces for all containers without mapping the host root user into the container namespace. Sysdig also advises rootless containers and monitoring suspicious symlink behaviors to reduce risk and spot abuse.
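One quick way to check whether a running container actually follows the "user namespace without host root mapped in" advice is to read its init process's uid_map. The POSIX shell below is an added example (not code from the advisory, Sysdig, or the runC project); it assumes a Linux host with /proc mounted, and its sample inputs are constructed.

```shell
#!/bin/sh
# Classify a /proc/<pid>/uid_map so you can tell whether a container's root
# user is backed by the host's root user. Each uid_map line is
# "containerID hostID size" (the kernel's format): container UID c maps to
# host UID hostID + (c - containerID) when containerID <= c < containerID + size.
# Output:
#   host-root     container UID 0 == host UID 0 (no user namespace, or root
#                 mapped in: the configuration the guidance says to avoid)
#   unprivileged  container UID 0 maps to a non-zero host UID
#   unmapped      UID 0 is not mapped at all (root cannot be used inside)
classify_uid_map() {
    printf '%s\n' "$1" | awk '
        NF == 3 {
            cid = $1 + 0; hid = $2 + 0; len = $3 + 0
            # Does this mapping line cover container UID 0?
            if (cid <= 0 && 0 < cid + len) {
                if (hid - cid == 0) print "host-root"
                else print "unprivileged"
                found = 1
                exit
            }
        }
        END { if (!found) print "unmapped" }'
}

# Classify a live process by PID, e.g. the PID reported by
# `docker inspect -f "{{.State.Pid}}" <container>` (assumes /proc is mounted).
classify_pid() {
    classify_uid_map "$(cat "/proc/$1/uid_map")"
}
```

A result of host-root for a container's init PID means a container escape lands as real root on the host; unprivileged is what a userns-remapped or rootless setup should report.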
Related Happenings
VoidLink modular Linux malware framework for cloud and container operations
Malware Activity
First: 13.01.2026 16:31
Last: 13.01.2026 16:31
Sources 1
About this happening:
Researchers uncovered **VoidLink**, a new **Linux malware framework** that expands **C2**, **persistence**, and **post-exploitation** options against **cloud and container environ...
Latest development: 21.01.2026 14:51
Check Point Research concluded that the VoidLink Linux malware targeting Linux-based cloud servers was largely built by AI, likely under the direction of one person, after reviewing exposed planning documents, AI-generated documentation, and the malware's rapid evolution from concept to a working framework in about four weeks rather than the planned 30 weeks.
RunC container runtime host escape flaws (multiple vulnerabilities)
Vulnerability
First: 09.11.2025 17:11
Last: 09.11.2025 17:11
Sources 1
How related:
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system.
About this happening:
**runC** disclosed **three vulnerabilities** that can let attackers bypass container isolation and gain **root access on the host** in **Docker** and **Kubernetes** environments....
Timeline
- 09.11.2025 17:11 · 2 articles
RunC vulnerability disclosure and mitigation guidance
Mitigation Patch Update
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, could let attackers bypass isolation restrictions and gain root access on the host. Mitigation guidance included activating user namespaces for all containers without mapping the host root user into the container's namespace, using rootless containers where possible, and monitoring suspicious symlink behaviors for exploitation attempts.
Sources
- Dangerous runC flaws could allow hackers to escape Docker containers — www.bleepingcomputer.com — 09.11.2025 17:11