ALAS2DOCKER-2024-036 — Vulnetix

ALAS2DOCKER-2024-036 PUBLISHED

Affected Products

Vendor	Product	Versions
Amazon	runc

Exploit Intelligence

PoC for CVE-2024-21626: runc leaks an internal fd referencing the host CWD before pivot_root, enabling container escape by setting process.cwd to /proc/self/fd/7 (github-poc-repo)
PoC for CVE-2024-21626: runc leaks an internal fd referencing the host CWD before pivot_root, enabling container escape by setting process.cwd to /proc/self/fd/7 (github-poc)
PoC for CVE-2024-21626: runc leaks an internal fd referencing the host CWD before pivot_root, enabling container escape by setting process.cwd to /proc/self/fd/7 (github-poc-repo)
PoC for CVE-2024-21626: runc leaks an internal fd referencing the host CWD before pivot_root, enabling container escape by setting process.cwd to /proc/self/fd/7 (github-poc)
POC (github-poc-repo)
Root cuase & Proof Of Code (github-poc-repo)
PoC for CVE-2024-21626: runc leaks an internal fd referencing the host CWD before pivot_root, enabling container escape by setting process.cwd to /proc/self/fd/7 (github-poc-repo)
POCs and Tetragon Rules for CVE-2024-21626 and CVE-2025-31133 (github-poc-repo)
PoC for CVE-2024-21626: runc leaks an internal fd referencing the host CWD before pivot_root, enabling container escape by setting process.cwd to /proc/self/fd/7 (github-poc)
POCs and Tetragon Rules for CVE-2024-21626 and CVE-2025-31133 (github-poc)

…and 31 more exploits

Timeline

Jan 31, 2024 CVE Published

References

ALAS2DOCKER-2024-036: runc (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›