Published Thu, Dec 15th, 2022
Platforms
Azure Serverless Functions
In Azure Serverless Functions, a new container is generated by the host for every function, which is then terminated and deleted after several minutes. Palo Alto discovered that an API call was available to bind one path to another within the container (called "init_server_pkg_mount_BindMount") that could be called by a low-privileged user but executed with root privileges. This could enable a malicious tenant to escalate their privileges to root, and then escape their container by abusing the Linux cgroup v1 "notification on release" feature (a well-known escape-to-host technique). This last step was possible because the container had been granted the SYS_ADMIN capability, did not have an AppArmor profile, and the cgroup v1 virtual filesystem was mounted read-write from within the container (all against container hardening best practice). However, the underlying Hyper-V host was single-tenant, thereby limiting the blast radius of this vulnerability chain. Following disclosure, Azure added additional validation for bind mount APIs, but the other elements of this attack sequence remain exploitable.
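As an added defender's check (not code from this entry, from Palo Alto, or from Azure), the script below audits a running container for the three hardening gaps the description above names: CAP_SYS_ADMIN in the effective capability set, no AppArmor profile attached, and a cgroup v1 filesystem mounted read-write. The /proc inputs are passed as arguments so captured files can be checked too; the sample inputs at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a container for the three misconfigurations that made
# the cgroup v1 release-notification escape possible. Each check takes its
# input text as an argument so it can run on live /proc files or captures.

# CAP_SYS_ADMIN is capability number 21, i.e. bit 21 of the CapEff mask.
has_cap_sys_admin() {                 # $1: contents of /proc/self/status
  mask=$(printf '%s\n' "$1" | awk '/^CapEff:/ { print $2 }')
  [ -n "$mask" ] && [ $(( 0x$mask & (1 << 21) )) -ne 0 ]
}

# AppArmor reports "unconfined" (or nothing, if no LSM is active) when no
# profile is attached; anything else is a named profile plus its mode.
apparmor_confined() {                 # $1: contents of /proc/self/attr/current
  case "$1" in
    ""|unconfined*) return 1 ;;
    *) return 0 ;;
  esac
}

# cgroup v1 mounts have filesystem type "cgroup" (v2 is "cgroup2"); the first
# mount option is rw or ro, and rw is the precondition for the escape above.
cgroup_v1_rw_mount() {                # $1: contents of /proc/mounts
  printf '%s\n' "$1" | awk '$3 == "cgroup" { split($4, o, ","); if (o[1] == "rw") f = 1 } END { exit f ? 0 : 1 }'
}

# Runs all three checks, prints one line per finding, returns the finding count.
audit_container() {                   # $1: status, $2: attr/current, $3: mounts
  n=0
  if has_cap_sys_admin "$1"; then echo "FINDING: CAP_SYS_ADMIN in effective set"; n=$((n + 1)); fi
  if ! apparmor_confined "$2"; then echo "FINDING: no AppArmor profile attached"; n=$((n + 1)); fi
  if cgroup_v1_rw_mount "$3"; then echo "FINDING: cgroup v1 mounted read-write"; n=$((n + 1)); fi
  return $n
}

# Constructed sample inputs: a container matching the description above versus
# a hardened one (default capability set, profile attached, cgroup read-only).
WEAK_STATUS="CapEff: 00000000a82425fb"
WEAK_ATTR="unconfined"
WEAK_MOUNTS="cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0"
HARD_STATUS="CapEff: 00000000a80425fb"
HARD_ATTR="docker-default (enforce)"
HARD_MOUNTS="cgroup /sys/fs/cgroup/memory cgroup ro,nosuid,nodev,noexec,relatime,memory 0 0"

# Audit the live process when invoked as: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
  audit_container "$(cat /proc/self/status)" "$(cat /proc/self/attr/current 2>/dev/null)" "$(cat /proc/mounts)"
fi
```

The exit status of audit_container is the number of findings, so it can gate a CI job or an admission check directly.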
None required
No tracked CVEs
Contributed by https://github.com/mer-b
Entry Status
Finalized
Disclosure Date
Thu, Dec 15th, 2022
Exploitability Period
Ongoing
Known ITW Exploitation
-
Detection Methods
None
Piercing Index Rating
-
Discovered by
Aviv Sasson, Daniel Prizmant, Palo Alto