"While the above attack did use the systemd vsock sshd listener for Escape
to Host, the attacker could have just directly listened over the vsock loopback."
TL;DR: a clueless user fails to understand and configure his own systems, but for clickbait effect chooses to blame the evil SyStEmD!!!11 instead of his own incompetence
I will try to go more in-depth in later posts, but many users, especially in a k8s context probably have a socket activated sshd listener on vsock, that may pose a serious risk and possibly violate your security assumptions.
https://www.openwall.com/lists/oss-security/2026/01/08/7
TL;DR: a clueless user fails to understand and configure his own systems, but for clickbait effect chooses to blame the evil SyStEmD!!!11 instead of his own incompetence