Kubernetes Privileged Container Exposure
A privileged container is given access to all devices on the host and can work at the kernel level. It is declared by setting the securityContext.privileged attribute to true on a container in the Pod spec (Pod.spec.containers[].securityContext.privileged). This may be useful for infrastructure containers that perform setup work on the host, but it is a dangerous attack vector.
A privileged container that allows anonymous command execution on a node could expose the node or cluster to unwanted root operations such as starting, stopping or modifying host processes.