Is my Docker container vulnerable to RDMA cgroup controller escape?

Containers that are running in privileged mode or with SYS_ADMIN capability may be vulnerable to a privilege escalation and container escape. This TTP attempts to mount the RDMA cgroup controller and configure the release_agent to execute an arbitrary script as the root user. It is important that containers are not running in privileged mode, as adversaries may establish persistence by modifying mounted files, elevate privileges, and escape the container.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is my Docker container vulnerable to cgroup controller escapes?


Escape Docker container via cgroup controller.