Cloud Threat Landscape

Incidents
Actors
Techniques
Defenses
Periodic Table
Tools
Targeted Technologies
About
RSS
STIX
Back to wiz.io

Cloud Threat Landscape

Exploiting BPF load to escape to host

Tags

K8s

ATT&CK Tactic

Privilege Escalation (TA0004)

References

https://www.crowdstrike.com/blog/exploiting-cve-2021-3490-for-container-escapes/

Last edited

Jan 18, 2024 1:25 PM

Status

Stub

About

CrowdStrike researchers offered a way to weaponize an older kernel privilege escalation CVE-2021-3490 to container environments.

The escape requires CAP_BPF privilege in the initial namespace and thus is only pertinent to containers with this specific privilege.

Made with 💙 by Wiz

Last Updated: June 25, 2024