Cloud Threat Landscape

Incidents
Actors
Techniques
Defenses
Tools
Targeted Technologies
Posters & Newspapers
About
RSS
STIX
Back to wiz.io

Cloud Threat Landscape

/

/

Exploiting BPF load to escape to host

Exploiting BPF load to escape to host

Tags

K8s

ATT&CK Tactic

Privilege Escalation (TA0004)

References

https://www.crowdstrike.com/blog/exploiting-cve-2021-3490-for-container-escapes/

Last edited

Jan 18, 2024 1:25 PM

Status

Stub

About

CrowdStrike researchers offered a way to weaponize an older kernel privilege escalation CVE-2021-3490 to container environments.

The escape requires CAP_BPF privilege in the initial namespace and thus is only pertinent to containers with this specific privilege.

Made with 💙 by Wiz

Last Updated: April 3, 2025

Exploiting BPF load to escape to host