Is my Docker container vulnerable to RDMA cgroup controller escape?

Containers that are running in privileged mode or with the SYS_ADMIN capability may be vulnerable to privilege escalation and container escape. This TTP attempts to mount the RDMA cgroup controller and configure the release_agent to execute an arbitrary script as the root user. It is important that containers are not running in privileged mode, as adversaries may establish persistence by modifying mounted files, elevate privileges, and escape the container.
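A defensive check for the two conditions named above, as an added example that is not part of the original page or the vendor's TTP: it flags containers whose `docker inspect` record shows privileged mode or an added SYS_ADMIN capability, and decodes the `CapEff` mask from `/proc/<pid>/status` to confirm whether CAP_SYS_ADMIN is effective. The function names and the sample data are constructed for illustration, and `CapDrop` is not modelled.

```python
import json

CAP_SYS_ADMIN_BIT = 21  # CAP_SYS_ADMIN in linux/capability.h


def risky_settings(container):
    """Reasons one `docker inspect` record matches the conditions named above."""
    host = container.get("HostConfig") or {}
    reasons = []
    if host.get("Privileged"):
        reasons.append("privileged mode")
    for cap in host.get("CapAdd") or []:  # CapAdd is null when nothing was added
        name = cap.upper()
        if name.startswith("CAP_"):
            name = name[4:]
        if name in ("SYS_ADMIN", "ALL"):
            reasons.append("cap-add " + name)
    return reasons


def audit(inspect_json):
    """Map container name -> reasons, listing only containers that need attention."""
    findings = {}
    for container in json.loads(inspect_json):
        reasons = risky_settings(container)
        if reasons:
            findings[container.get("Name", "?").lstrip("/")] = reasons
    return findings


def has_cap_sys_admin(status_text):
    """Decode CapEff from /proc/<pid>/status text; True if CAP_SYS_ADMIN is effective."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_SYS_ADMIN_BIT) & 1)
    raise ValueError("no CapEff line found")


# Constructed sample input (not captured from a real host).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {"Privileged": False, "CapAdd": None}},
    {"Name": "/build", "HostConfig": {"Privileged": True, "CapAdd": None}},
    {"Name": "/fuse", "HostConfig": {"Privileged": False, "CapAdd": ["CAP_SYS_ADMIN"]}},
])
SAMPLE_STATUS_DEFAULT = "Name:\tsh\nCapEff:\t00000000a80425fb\n"
SAMPLE_STATUS_PRIVILEGED = "Name:\tsh\nCapEff:\t0000003fffffffff\n"

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(reasons))
    print("CAP_SYS_ADMIN effective:", has_cap_sys_admin(SAMPLE_STATUS_PRIVILEGED))
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `audit()`, and the contents of `/proc/1/status` read inside the container to `has_cap_sys_admin()`.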

Test this TTP using one of our Operator chains
Is my Docker container vulnerable to cgroup controller escapes?

2022-11-08

Escape Docker container via cgroup controller.