Tag
Kata Containers Guest-to-Host Root Escape via Virtiofs FUSE_SYMLINK
2 rules 1 TTP
A vulnerability in Kata Containers allows a guest root user to escalate privileges to host root by exploiting the virtiofs shared file system to create arbitrary symlinks on the host.
KubeVirt virt-handler Symlink Vulnerability Leading to Container Escape (CVE-2026-7374)
2 rules 1 TTP 1 CVE
CVE-2026-7374 allows an authenticated OpenShift user with edit permissions in a single namespace to escalate privileges to full cluster control by exploiting improper symlink validation in KubeVirt's virt-handler component when connecting to VM console sockets.
NanoClaw Host/Container Filesystem Boundary Vulnerability
2 rules 2 TTPs 1 CVE
NanoClaw has a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup, potentially allowing a compromised container to read arbitrary host files or cause recursive deletion of paths outside the intended cleanup target.
Potential Chroot Container Escape via Mount
2 rules
The rule detects a potential chroot container escape via mount, which involves a user within a container mounting the host's root file system and using chroot to escape the containerized environment, indicating a privilege escalation attempt.
Chroot Execution in Container Context on Linux
2 rules 1 TTP
Detects suspicious chroot execution within a Linux container context, potentially indicating a container escape attempt by pivoting to an alternate root filesystem.
LXD Backup Import Bypass Allows Privilege Escalation in Restricted Projects
2 rules 1 TTP
A vulnerability in LXD allows an attacker with instance-creation rights in a restricted project to bypass project restrictions and escalate privileges by crafting a malicious backup archive.
Kata Containers CopyFile Policy Subversion via Symlinks
3 rules 2 TTPs 1 CVE
An oversight in the CopyFile policy in Kata Containers allows untrusted hosts to write to arbitrary locations inside the guest workload image via symlinks, enabling binary overwrites and data exfiltration.
Suspicious Unshare Usage for Namespace Manipulation
2 rules 2 TTPs
The `unshare` command is used to create new namespaces in Linux, which can be exploited to break out of containers or elevate privileges by creating namespaces that bypass security controls.
Suspicious Unshare Usage for Container Escape and Privilege Escalation
2 rules 2 TTPs
The rule identifies suspicious usage of unshare to manipulate system namespaces, which can be utilized to escalate privileges or escape container security boundaries.