AWS released several hot patches to mitigate Log4Shell. Unfortunately, Unit 42 at Palo Alto identified several severe vulnerabilities in those fixes, including container escape, which is pretty much the holy grail of cloud vulnerabilities.
If you are not familiar, cloud infrastructure works by having a lot of hardware that is effectively “shared” by clients. To keep clients’ data and services private and separate, the cloud providers use virtualization to keep client resources confined to secure “containers.” So if you are able to somehow escape your container, you could potentially access other clients’ data or the OS that is running the virtual machines. You can see why that would be bad…
Full writeup from Unit 42 here!