CVE-2025-2713

Publication date 28 March 2025

Last updated 2 April 2025

Ubuntu priority

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
golang-gvisor-gvisor	25.04 plucky	Not affected
	24.10 oracular	Not affected
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-2713
https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e