| ▲ | jeffbee 3 days ago | |
Hrmm. "Take over the entire machine" type vulnerabilities, or "these namespaces weren't quite as isolated as we thought" vulnerabilities? | ||
| ▲ | chupasaurus 3 days ago | parent | next [-] | |
The latter can easily propagate to the former if seccomp/AppArmor/MAC isn't set properly. | ||
| ▲ | cpuguy83 3 days ago | parent | prev | next [-] | |
Escalating from an unprivileged user to root by creating userns and exploiting various things in the kernel along the way. | ||
| ▲ | LtWorf 3 days ago | parent | prev [-] | |
CVEs are publicly available | ||