Even though it is not a ‘real’ vulnerability, escaping privileged Docker containers is still good fun. And because there will always be people who come up with reasons or excuses to run a privileged container (even though you really shouldn’t), this could well come in handy at some point in the future.
As a result of the recent discovery of the cgroup_release_agent escape trick (CVE-2022-0492), I went on a search for calls to the call_usermodehelper_* family and attempted to determine which ones may be easily accessed within a container environment.