VDB

GCVE-110-CLOUD-2022-0002

GCVE-110-CLOUD-2022-0002
Advisory Published
Vulnetix · Advisory published December 15, 2022
In Azure Serverless Functions, a new container is generated by the host for every function, which is then terminated and deleted after several minutes. Palo Alto discovered that an API call was available to bind one path to another within the container (called "init_server_pkg_mount_BindMount") that could be called by a low-privileged user but executed with root privileges. This could enable a malicious tenant to escalate their privileges to root, and then escape their container by abusing the Linux cgroup v1 “notification on release” feature (a well-known escape to host technique). This last step was possible because the container had been granted the SYS_ADMIN capability, did not have an AppArmor profile, and the cgroup v1 virtual filesystem was mounted as read-writable from within the container (all against container hardening best practice). However, the underlying HyperV host was single-tenant, thereby limiting the blast radius of this vulnerability chain. Following disclosure, Azure added additional validation for bind mount APIs, but the other elements of this attack sequence remain exploitable.

Affected Products

VendorProductVersionsPlatforms
AzureAzure Serverless Functions
AzureFunctions
AzureCloud Services

References

advisory

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›