ghsa-wwrx-w7c9-rf87
Vulnerability from github
Published
2025-12-02 21:07
Modified
2025-12-09 19:51
Severity ?
4.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
Singluarity ineffectively applies selinux / apparmor LSM process labels
Details

Impact

Native Mode (default)

Singularity's default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules (LSMs), via the --security selinux:<label> or --security apparmor:<profile> flags.

LSM labels are written to process or thread attrs/exec under /proc. If a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so that it is ineffective. This requires:

  • The attacker to cause the user to run a malicious container image that redirects the mount of /proc to the destination of a shared mount, either known to be configured on the target system, or that will be specified by the user when running the container.
  • Control of the content of the shared mount, for example through another malicious container which also binds it, or as a user with relevant permissions on the host system it is bound from.

Note that Singularity does not attempt to prevent damaging operations, or container escape, from containers that are started as the host root user. When a non-root user starts a container any LSM writes to /proc are performed as that user. For these reasons, the denial-of-service and container escape attacks detailed in runc CVE-2025-52881 are not relevant. Processes running in non-root containers are subject to the standard permissions for the non-root account used, and cannot escalate privilege, even when intended container-specific LSM labels are not correctly applied.

In addition, a bug in the detection of selinux support in Singularity's default setuid flow means that --security selinux:<label> flags may not be applied, even in the absence of an attack - but in this case a warning message is emitted, indicating that selinux is unavailable. This warning may be may be overlooked, mis-interpreted, or not seen when singularity is run from a script or other tool. Failure to apply requested restrictions should result in a fatal error, rather than a warning message.

OCI-Mode

Singularity's OCI-mode is unaffected as it does not currently support applying LSM restrictions via the --security flag.

Patches

Ineffective write of selinux process labels is addressed via an update to the containers/selinux dependency in https://github.com/sylabs/singularity/pull/3850. This update brings in the upstream fix for CVE-2025-52881 in this dependency.

Ineffective write of apparmor process labels is addressed in commit 5af3e79.

Failure to detect apparmor / selinux support, when --security flags are provided, is made an error rather than a warning in commit 2788296.

Workarounds

There are no known workarounds, other than to define system-wide apparmor / selinux policy for Singularity itself. This would apply to all containers, not just those run with the --security flags. Additionally, restrictions that are reasonable to apply to container processes may impact the functionality of Singularity.

References

Related vulnerabilities in runc:

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sylabs/singularity/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0-rc.1"
            },
            {
              "fixed": "4.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sylabs/singularity/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61",
      "CWE-706"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-02T21:07:02Z",
    "nvd_published_at": "2025-12-02T18:15:48Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n_**Native Mode (default)**_\n\nSingularity\u0027s default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules (LSMs), via the `--security selinux:\u003clabel\u003e` or `--security apparmor:\u003cprofile\u003e` flags.\n\nLSM labels are written to process or thread `attrs/exec` under `/proc`. If a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so that it is ineffective. This requires:\n\n* The attacker to cause the user to run a malicious container image that redirects the mount of `/proc` to the destination of a shared mount, either known to be configured on the target system, or that will be specified by the user when running the container.\n* Control of the content of the shared mount, for example through another malicious container which also binds it, or as a user with relevant permissions on the host system it is bound from.\n\nNote that Singularity does not attempt to prevent damaging operations, or container escape, from containers that are started as the host root user. When a non-root user starts a container any LSM writes to /proc are performed as that user. For these reasons, the denial-of-service and container escape attacks detailed in [runc CVE-2025-52881](https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm) are not relevant. Processes running in non-root containers are subject to the standard permissions for the non-root account used, and cannot escalate privilege, even when intended container-specific LSM labels are not correctly applied.\n\nIn addition, a bug in the detection of selinux support in Singularity\u0027s default setuid flow means that `--security selinux:\u003clabel\u003e` flags may not be applied, even in the absence of an attack  - but in this case a warning message is emitted, indicating that selinux is unavailable. This warning may be may be overlooked, mis-interpreted, or not seen when singularity is run from a script or other tool. Failure to apply requested restrictions should result in a fatal error, rather than a warning message.\n\n_**OCI-Mode**_\n\nSingularity\u0027s OCI-mode is unaffected as it does not currently support applying LSM restrictions via the `--security` flag.\n\n### Patches\n\nIneffective write of selinux process labels is addressed via an update to the containers/selinux dependency in https://github.com/sylabs/singularity/pull/3850. This update brings in the upstream fix for CVE-2025-52881 in this dependency.\n\nIneffective write of apparmor process labels is addressed in commit 5af3e79.\n\nFailure to detect apparmor / selinux support, when `--security` flags are provided, is made an error rather than a warning in commit 2788296.\n\n### Workarounds\n\nThere are no known workarounds, other than to define system-wide apparmor / selinux policy for Singularity itself. This would apply to all containers, not just those run with the `--security` flags. Additionally, restrictions that are reasonable to apply to container processes may impact the functionality of Singularity.\n\n### References\n\nRelated vulnerabilities in runc:\n\n* [runc CVE-2025-52881](https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm)\n* [runc CVE-2019-19921](https://github.com/advisories/GHSA-fh74-hm69-rqjw)",
  "id": "GHSA-wwrx-w7c9-rf87",
  "modified": "2025-12-09T19:51:27Z",
  "published": "2025-12-02T21:07:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sylabs/singularity/security/advisories/GHSA-wwrx-w7c9-rf87"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64750"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sylabs/singularity/pull/3850"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sylabs/singularity/commit/27882963879a7af1699fd6511c3f5f1371d80f33"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sylabs/singularity/commit/5af3e790c40593591dfc26d0692e4d4b21c29ba0"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-fh74-hm69-rqjw"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sylabs/singularity"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-4177"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Singluarity ineffectively applies selinux / apparmor LSM process labels"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.