Github.Com Opencontainers Selinux vulnerabilities

CVE-2025-52881 [HIGH] CWE-363 runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects ### Impact ### This attack is primarily a more sophisticated version of CVE-2019-19921, which was a flaw which allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy `tmpfs` file and thus not apply the correct LS

CVE-2019-16884 [HIGH] CWE-863 Incorrect Authorization in runc Incorrect Authorization in runc runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.