Specifically, we also find that the Google Cloud Shell can be exploited as it exposes the docker.sock to containers, allowing attackers to create a privileged container to run eBPF
Three platforms’ default Kubernetes clusters (i.e., Alibaba ACK, Azure AKS, and AWS EKS) containers over-privileged Pods. ... Azure, AWS, and Alibaba have confirmed the issues and plan to remove these overprivileged Pods
Summary (give a brief description of the issue)
References (provide links to blogposts, etc.)
Cross Container Attacks: The Bewildered eBPF on Clouds