Docker Privileged Container Escape

Posted on 06 August 2020

This Metasploit module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release feature. This exploit should work against any container started with the following flags: --cap-add=SYS_ADMIN, --privileged.