high

Azure AZNFS-mount Utility Root Privilege Escalation

Published Tue, May 6th, 2025
Platforms

Summary

A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.

Affected Services

Azure Blob Storage, Azure HPC, Azure AI

Remediation

Enable the AZNFS-mount utility's auto-update feature or manually update to version 2.0.11 or later.

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
-
Exploitablity Period
Until 2.0.11
Known ITW Exploitation
-
Detection Methods
Check for the presence of AZNFS-mount utility versions prior to 2.0.11 on Azure HPC/AI workloads or systems using Azure Blob Storage with NFS.
Piercing Index Rating
-
Discovered by
Tal Peleg, Varonis Threat Labs

More vulnerabilities...

high

AWS Default Roles Can Lead to Service Takeover

Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account ...

...
Yakir Kadkoda, Ofek Itach, ...

high

Google Cloud ConfusedComposer Privilege Escalation Vulnerability

Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to ...

...
Liv Matan, Tenable Research

high

Burning Data with Malicious Firewall Rules in Azure SQL

Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The ...

...
Coby Abrams, Varonis Threat...

View all