Abstract
Cloud computing providers rely on multi-tenant architectures to maximize resource efficiency. That infrastructure depends on virtualization, primarily virtual machines (VMs) and containers, to isolate one tenant from another. “Breakout attacks,” or “escapes,” are a critical threat in which an attacker bypasses these isolation layers to gain unauthorized access to the host system and to neighboring environments. This paper surveys virtualization escape threats and analyzes three case studies: a runc container escape (Leaky Vessels), a VMware ESXi VM escape (VSOCKPuppet), and an NVIDIA GPU container escape (NVIDIAScape). Each demonstrates a different attack surface: file descriptor misuse, kernel driver exploitation, and code execution in privileged hooks. The paper further evaluates defenses including runtime hardening, the principle of least privilege, and secure data storage practices. A Docker demonstration walks through a container escape and its mitigation with user namespace remapping.
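The abstract names user namespace remapping as the mitigation shown in the Docker demonstration. The script below is an added example, not code from the paper: it checks whether a container's root user is actually remapped to an unprivileged host UID by reading the kernel's uid_map format, and prints the dockerd setting that enables remapping. The two uid_map strings are constructed samples; the host UID 100000 and range 65536 are the usual values dockerd assigns to the `dockremap` user, not values captured from a real host.

```bash
#!/usr/bin/env bash
# Added example (not from the paper): detect whether container root is remapped
# to an unprivileged host UID, and show the dockerd setting that makes it so.
set -euo pipefail

# Inside a container, /proc/self/uid_map lists "<inside-uid> <host-uid> <count>".
# Without userns-remap, in-container root IS host root:       "0 0 4294967295"
# With userns-remap, in-container root maps to e.g. 100000:   "0 100000 65536"
# Both lines are constructed samples, not output captured from a real host.
UIDMAP_DEFAULT='         0          0 4294967295'
UIDMAP_REMAPPED='         0     100000      65536'

# Return 0 (true) when the uid_map string maps in-container UID 0 to a
# non-zero host UID, i.e. a breakout to the host filesystem lands as an
# unprivileged user rather than as host root.
uidmap_is_remapped() {
  local map="$1" inside host count
  while read -r inside host count; do
    [ -z "$inside" ] && continue
    if [ "$inside" = "0" ]; then
      [ "$host" != "0" ] && return 0
      return 1
    fi
  done <<<"$map"
  # No mapping for UID 0 at all: root inside is "nobody" on the host.
  return 0
}

# Wrapper for use from inside a running container.
check_current_container() {
  uidmap_is_remapped "$(cat /proc/self/uid_map)"
}

# The /etc/docker/daemon.json fragment that turns remapping on. The value
# "default" tells dockerd to create the dockremap user and its subordinate
# UID/GID ranges (/etc/subuid, /etc/subgid) on first start.
daemon_json_remapped() {
  cat <<'EOF'
{
  "userns-remap": "default"
}
EOF
}

# Run with --self inside a container to report its own status.
if [ "${1:-}" = "--self" ]; then
  if check_current_container; then
    echo "container root is remapped to an unprivileged host UID"
  else
    echo "container root == host root (userns-remap is off)"
  fi
fi
```

Run it as `bash check_userns.sh --self` from inside a container started by the daemon under test; with remapping enabled, `/proc/self/uid_map` carries a non-zero host UID on the line for UID 0 and the check reports remapped. Note that remapping is a daemon-wide setting and is bypassed for any container started with `--userns=host`.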
Faculty Advisor/Mentor
Jonathan Takeshita
Document Type
Paper
Disciplines
Computer and Systems Architecture | Cybersecurity | Other Computer Sciences
DOI
10.25776/7pr2-3v56
Publication Date
4-10-2026
Included in
Computer and Systems Architecture Commons, Cybersecurity Commons, Other Computer Sciences Commons
Escaping Isolation: An Analysis of Virtual Machine and Container Breakout Vulnerabilities