FabricScape (CVE-2022-30137) - Azure Service Fabric privilege escalation

Published Tue, Jun 28th, 2022


A vulnerability in Service Fabric allows Linux containers to escalate their privileges in order to gain root privileges on the node, and then compromise all of the nodes in the cluster. An attacker would need to have read/write access to the cluster, and the vulnerability could be exploited on containers that are configured to have runtime access, but this is granted by default to every container. Though the bug exists in both the Windows and Linux versions, it is only exploitable on Linux.

Affected Services

Service Fabric


Users can check their current Service Fabric version by navigating to their Service Fabric cluster in the Azure console and then clicking on "Fabric upgrades". If the Fabric upgrade mode is configured to "Automatic", the cluster will be updated automatically to the latest secure version. If Fabric upgrade mode is configured to "Manual", customers must update it manually to the latest version (9.0.1035.1 or higher).

Tracked CVEs



Disclosure Date
Tue, Jun 14th, 2022
Exploitablity Period
until 2022/05/24
Known ITW Exploitation
Detection Methods
Linux Service Fabric runtime < 9.0.1035.1
Piercing Index Rating
Discovered by
Aviv Sasson, Palo Alto Networks