Abstract
The presentation will explore a Use-After-Free vulnerability and novel RCU techniques found in the Netfilter module of kernel 5.10.102.2-microsoft-standard and versions prior to 6.9, which Azure Cloud Shell runs on. Upon successful exploitation of kernel vulnerabilities, an attacker can gain elevated privileges in their own Cloud Shell environment, potentially leading to container escape within the user’s session and elevated access to the user’s cloud resources. Azure Cloud Shell runs on a non-shared kernel using an isolated hypervisor VM. Due to the single-tenant hypervisor security boundary, accessing the host within the container VM does not lead to cross-tenant access, but grants access within the user’s session.
The talk covers technical aspects of the vulnerability's root cause, including exploitation techniques to gain elevated privileges in the user’s own Cloud Shell environment. The session will examine broader implications of such vulnerabilities and their mitigations in multi-tenant cloud infrastructures. Finally, a demo will be showcased as proof of concept.
This vulnerability was disclosed responsibly to Microsoft and has been mitigated. This talk emphasizes the importance of securing kernel modules and demonstrates how proactive research can uncover and address critical risks in widely used cloud platforms. Attendees will gain valuable insights into cloud security, kernel exploitation, and the significance of vulnerability research.