A novel container escape technique targeting AWS Lambda's execution environment.
We discovered a technique for escaping the Lambda execution sandbox by exploiting /proc filesystem access patterns unique to the Lambda runtime. While the escape does not provide access to other customers' data, it allows reading the Lambda service's internal configuration and IAM role credentials. AWS has patched the issue.