Serious Vulnerabilities Found in AWS’s Log4Shell Hot Patches


The Apache Log4j vulnerabilities disclosed in December 2021, including the one tracked as Log4Shell (CVE-2021-44228), can allow attackers to execute arbitrary code remotely and take control of vulnerable systems.

In response to these flaws, AWS released several hot patches, one for each environment it supports (standalone servers, Kubernetes, Elastic Container Service (ECS) and Fargate). Rather than requiring a rebuild or restart, a hot patch scans the host, including its containers, for Java processes running a vulnerable Log4j version and patches them on the fly.

Researchers from Palo Alto Networks' Unit 42 found that the hot patches themselves introduced a container escape and a privilege escalation. Once a hot patch was installed, any container on the server or cluster could abuse it to take over the underlying host, and an unprivileged process on the host could abuse it to run code as root. The underlying flaw was that the patching service, which runs as root on the host, executed the Java binaries it discovered with its own host privileges rather than inside the container's namespaces and privilege boundary, so a malicious binary that a container presented as its Java runtime was run as root on the host. AWS has since released fixed versions of the hot patches; anyone who installed the original versions should update to them.