To coincide with the discovery of the ““Dirty Pipe”” Linux security flaw, two Huawei researchers, Yiqi Sun and Kevin Wang, have discovered a vulnerability in the Linux kernel’s ““control groups”” feature that allows attackers to escape containers, escalate privileges, and execute arbitrary commands on a host machine.
According to a NIST National Vulnerability Database alert, ““under certain conditions, this weakness allows the use of the cgroups v1 release agent feature to escalate privileges and overcome namespace isolation unexpectedly,”” according to the bug’s CVSS severity level. In Kubernetes environments, this allows containers to escape.