Privilege Escalation

Privilege escalation is any bug that lets an attacker gain capabilities beyond what they were originally granted — vertical (more rights) or horizontal (other users' rights).

Definition

Privilege escalation is the outcome of any flaw that elevates an attacker's authorisation. Vertical escalation moves up the privilege hierarchy: a low-tier user gains admin, an unauthenticated visitor gains a user account, a regular process gains root. Horizontal escalation moves sideways: one user accesses another user's resources without changing their own role.

The escalation is usually the final stage of a chain. The initial vulnerability belongs to one of the other bug classes (an IDOR, an unsafe deserialisation, a kernel use-after-free), and "privilege escalation" describes what the attacker obtained with it.
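The two directions of escalation reduce to two missing authorisation checks. The following added example (constructed for this page, not code from any real project) shows an in-memory document store with a hypothetical `Session`, `DOCUMENTS` and `roles` data set: one endpoint without an ownership check (horizontal escalation, the IDOR case) and one without a role check (vertical escalation), each beside its hardened form.

```python
"""Horizontal vs vertical escalation as missing authorisation checks.

Added example with constructed data; the store, users and documents are
hypothetical and exist only to show where each check belongs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """The authenticated caller; identity only, authorisation is looked up."""
    user: str


# Constructed sample data: alice and bob each own one document.
DOCUMENTS = {
    1: {"owner": "alice", "body": "alice's notes"},
    2: {"owner": "bob", "body": "bob's notes"},
}


def get_document_vulnerable(session, doc_id):
    # Checks only that a session exists; any doc_id is served, so one user
    # can read another user's document (horizontal escalation).
    return DOCUMENTS[doc_id]["body"]


def get_document_hardened(session, doc_id):
    doc = DOCUMENTS.get(doc_id)
    # Same failure for "missing" and "not yours" so the response is not an
    # oracle for which ids exist.
    if doc is None or doc["owner"] != session.user:
        raise PermissionError("not found")
    return doc["body"]


def set_role_vulnerable(session, roles, target, new_role):
    # Trusts the caller to be an admin; a regular user can promote
    # themselves (vertical escalation).
    roles[target] = new_role
    return roles[target]


def set_role_hardened(session, roles, target, new_role):
    # The caller's role comes from the server-side table, never from input.
    if roles.get(session.user) != "admin":
        raise PermissionError("admin role required")
    roles[target] = new_role
    return roles[target]


def denied(fn, *args):
    """True if the call is refused by an authorisation check."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    roles = {"alice": "user", "bob": "user", "root": "admin"}
    print("bob reads doc 1 (vulnerable):", get_document_vulnerable(Session("bob"), 1))
    print("bob reads doc 1 (hardened) denied:", denied(get_document_hardened, Session("bob"), 1))
    print("alice promotes herself (vulnerable):", set_role_vulnerable(Session("alice"), dict(roles), "alice", "admin"))
    print("alice promotes herself (hardened) denied:", denied(set_role_hardened, Session("alice"), roles, "alice", "admin"))
```

The hardened versions decide on server-held state (document owner, role table) rather than on anything the caller supplied, which is the property both checks need.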

Impact

Severity depends on the privilege gained. Vertical escalation to root, domain admin, or cloud-account admin is the highest-severity outcome a chain can achieve.

Mitigation

Defence in depth. Least-privilege at every layer (the application's database role does not have `DROP`; the container's user is not root; the cloud role has only the permissions the workload demands). Mandatory access control (SELinux, AppArmor) blocks many escalation primitives. Regular patching of kernel, container runtime, and language runtime closes the published escalation chains. Audit `sudo` configurations, group memberships, and IAM policies regularly.
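Two of the audits named above, `sudo` configuration and IAM policy, can be scripted. The following added example (not code from the original page) parses constructed sudoers rules and a constructed IAM policy document and reports grants that exceed least privilege: unrestricted or wildcard commands, passwordless versions of those, commands listed without an argument list (sudoers then allows any arguments), and Allow statements with wildcard actions or resources. The sample rules, policy and finding wording are all assumptions made for the example.

```python
"""Least-privilege audit of sudoers rules and an IAM policy.

Added example; the sudoers text and the policy JSON are constructed samples.
"""
import json
import re

# Common sudoers rule shape:  user host = (runas) [TAG:] commands
SUDOERS_RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmds>.+)$"
)

# Constructed sample; not a real host's configuration.
SAMPLE_SUDOERS = """\
# constructed sample sudoers
Defaults    env_reset
root        ALL=(ALL:ALL) ALL
%wheel      ALL=(ALL:ALL) ALL
deploy      ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
ops         ALL=(root) NOPASSWD: /usr/bin/apt *
backup      ALL=(root) /usr/bin/rsync
"""

# Constructed sample; not a real account's policy.
SAMPLE_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-assets/*"},
    {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}"""


def audit_sudoers(text):
    """Return one finding per grant that exceeds least privilege."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = SUDOERS_RULE.match(line)
        if not m:
            findings.append(f"unparsed rule: {line}")
            continue
        who, tags, cmds = m["who"], m["tags"], m["cmds"].strip()
        if who == "root":
            continue  # root's own rule grants nothing new
        if cmds == "ALL":
            findings.append(f"{who}: unrestricted command set (ALL)")
        if "*" in cmds:
            findings.append(f"{who}: wildcard in command arguments ({cmds})")
        if "NOPASSWD" in tags and (cmds == "ALL" or "*" in cmds):
            findings.append(f"{who}: passwordless broad grant")
        # A command with no argument list accepts any arguments.
        for cmd in (c.strip() for c in cmds.split(",")):
            if cmd != "ALL" and " " not in cmd:
                findings.append(f"{who}: {cmd} allows any arguments (no argument list given)")
    return findings


def load_sample_policy():
    return json.loads(SAMPLE_POLICY_JSON)


def audit_iam(policy):
    """Flag Allow statements whose actions or resources are wildcards."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else list(resources)
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        wild_resource = "*" in resources
        if wild_actions and wild_resource:
            findings.append(f"statement {i}: {wild_actions} on every resource")
        elif wild_actions or wild_resource:
            findings.append(f"statement {i}: overly broad (actions={actions}, resources={resources})")
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS) + audit_iam(load_sample_policy()):
        print(f)
```

Run against real files, the sudoers parser only covers the plain rule form shown; aliases, `Defaults` options and include directives are skipped or reported as unparsed so they are reviewed by hand rather than silently passed.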

Examples

  • CVE-2021-3156 — Sudo Baron Samedit; root via heap overflow in sudoers parsing.
  • CVE-2022-0847 — Dirty Pipe; arbitrary file write → root.
