CVE-2025-64750: Singluarity ineffectively applies selinux / apparmor LSM process labels
(updated )
Native Mode (default)
Singularity’s default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules (LSMs), via the --security selinux:<label> or --security apparmor:<profile> flags.
LSM labels are written to process or thread attrs/exec under /proc. If a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so that it is ineffective. This requires:
- The attacker to cause the user to run a malicious container image that redirects the mount of
/procto the destination of a shared mount, either known to be configured on the target system, or that will be specified by the user when running the container. - Control of the content of the shared mount, for example through another malicious container which also binds it, or as a user with relevant permissions on the host system it is bound from.
Note that Singularity does not attempt to prevent damaging operations, or container escape, from containers that are started as the host root user. When a non-root user starts a container any LSM writes to /proc are performed as that user. For these reasons, the denial-of-service and container escape attacks detailed in runc CVE-2025-52881 are not relevant. Processes running in non-root containers are subject to the standard permissions for the non-root account used, and cannot escalate privilege, even when intended container-specific LSM labels are not correctly applied.
In addition, a bug in the detection of selinux support in Singularity’s default setuid flow means that --security selinux:<label> flags may not be applied, even in the absence of an attack - but in this case a warning message is emitted, indicating that selinux is unavailable. This warning may be may be overlooked, mis-interpreted, or not seen when singularity is run from a script or other tool. Failure to apply requested restrictions should result in a fatal error, rather than a warning message.
OCI-Mode
Singularity’s OCI-mode is unaffected as it does not currently support applying LSM restrictions via the --security flag.
References
- github.com/advisories/GHSA-fh74-hm69-rqjw
- github.com/advisories/GHSA-wwrx-w7c9-rf87
- github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
- github.com/sylabs/singularity
- github.com/sylabs/singularity/commit/27882963879a7af1699fd6511c3f5f1371d80f33
- github.com/sylabs/singularity/commit/5af3e790c40593591dfc26d0692e4d4b21c29ba0
- github.com/sylabs/singularity/pull/3850
- github.com/sylabs/singularity/security/advisories/GHSA-wwrx-w7c9-rf87
- nvd.nist.gov/vuln/detail/CVE-2025-64750
- pkg.go.dev/vuln/GO-2025-4177
Code Behaviors & Features
Detect and mitigate CVE-2025-64750 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →