Author: -
Word count: 2651
Language: English
Hacker News points: None

Summary

CrowdStrike has identified two new local privilege escalation vulnerabilities in the Ubuntu kernel's OverlayFS module, tracked as CVE-2023-2640 and CVE-2023-32629, which can potentially be used to gain root inside non-root containers. The vulnerabilities allow files carrying elevated capabilities in the lower directory to be copied to the upper directory, enabling privilege escalation. The CrowdStrike Falcon® platform can detect and prevent exploitation of these vulnerabilities on both hosts and containers. The flaws stem from a kernel function that fails to restrict file security capabilities, posing a risk of container escape and host compromise. CrowdStrike recommends upgrading Ubuntu kernels, monitoring non-root privileged containers, and applying security profiles such as Seccomp or AppArmor to mitigate these vulnerabilities. Disabling the creation of new namespaces by unprivileged users offers further protection. The company emphasizes the importance of staying informed about cloud vulnerabilities and presents its Falcon platform as a comprehensive security solution for multi-cloud and hybrid environments.