CVE-2025-2713

Publication date 28 March 2025

Last updated 2 April 2025

Ubuntu priority

Description

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
golang-gvisor-gvisor	26.04 LTS resolute	Not affected
	25.10 questing	Not affected
	25.04 plucky	Not affected
	24.10 oracular	Not affected
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-2713
https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e

CVE-2025-2713

Description

Status

References

Other references

Access our resources on patching vulnerabilities