cr8escape: New Vulnerability in CRI-O Container Engine [CVE-2022-0811]
We discussed this vulnerability during Episode 129 on 21 March 2022
A simpler container escape than several we've covered in the past: the sysctls passed into the pinns utility are delimited by a +, which can be maliciously included in a value to inject otherwise blocked sysctls. There is some minimal validation on the sysctls being passed in to ensure the keys don't match any sensitive keys; however, an attacker can set a value to +sensitive.key=othervalue to smuggle in a blocked option.
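To make the validation gap concrete, here is an added model of the flaw in Python (constructed for this summary, not CRI-O's or pinns' code): the engine joins key=value pairs with + before handing them to the host-side consumer, a key-only check lets a delimiter inside a value through, and a check that also rejects + and = in values (an assumed hardening, not a copy of the upstream patch) stops it.

```python
from typing import Callable, Dict

# Constructed model, not CRI-O's or pinns' real code. CRI-O passes sysctls
# to pinns as one string of key=value entries joined by '+'; the consumer
# splits on '+' and then on the first '=' of each entry.
DELIM = "+"
BLOCKED_KEYS = {"kernel.core_pattern"}  # stand-in for the sensitive-key list


def validate_keys_only(sysctls: Dict[str, str]) -> None:
    """Weak check: only the keys are examined, values pass untouched."""
    for key in sysctls:
        if key in BLOCKED_KEYS:
            raise ValueError(f"blocked sysctl key: {key}")


def validate_keys_and_values(sysctls: Dict[str, str]) -> None:
    """Assumed hardened check: values may not carry the delimiter or '='."""
    validate_keys_only(sysctls)
    for key, value in sysctls.items():
        if DELIM in value or "=" in value:
            raise ValueError(f"illegal character in value for {key!r}")


def build_pinns_arg(sysctls: Dict[str, str]) -> str:
    """Serialise the way the engine does before exec'ing the helper."""
    return DELIM.join(f"{k}={v}" for k, v in sysctls.items())


def parse_on_host(arg: str) -> Dict[str, str]:
    """Mimic the consumer: split on '+', then on the first '=' per entry."""
    applied: Dict[str, str] = {}
    for entry in arg.split(DELIM):
        key, _, value = entry.partition("=")
        applied[key] = value
    return applied


def accepted(sysctls: Dict[str, str], validator: Callable) -> bool:
    """True if the validator lets this sysctl set through."""
    try:
        validator(sysctls)
        return True
    except ValueError:
        return False


# Constructed pod-spec sysctls: an allowed key whose value smuggles a
# blocked key. The smuggled value "core" is a harmless placeholder.
SMUGGLED = {"net.ipv4.ip_forward": "1+kernel.core_pattern=core"}
CLEAN = {"net.ipv4.ip_forward": "1"}
```

Running accepted(SMUGGLED, validate_keys_only) returns True while parse_on_host(build_pinns_arg(SMUGGLED)) shows two keys applied, one of them the blocked kernel.core_pattern; the value-aware check rejects the same input and still accepts CLEAN.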
Smuggling in a kernel.core_pattern could be used to execute an arbitrary file as root on the host to handle a crash dump. This would require a fairly privileged attacker who is able to deploy pods but may not have underlying access to the host system. It could also be useful as part of a chain.