NVIDIA Container Toolkit Vulnerability Allows for File System Access
CVE-2024-0132
Key Information
- Vendor
- Nvidia
- Status
- Container Toolkit
- Gpu Operator
- Vendor
- CVE Published:
- 26 September 2024
Badges
Summary
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Affected Version(s)
Container Toolkit = All versions up to and including v1.16.1
GPU Operator = All versions up to and including 24.6.1
News Articles
The StackOctober Patch Tuesday: MSFT patches 2 exploited zero days
Microsoft has patched a brace of zero days that are under active attack as part of October Patch Tuesday 2024.
2 months ago
NVIDIA AI Container Toolkit Vulnerability Fix
On Wednesday, NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk....
3 months ago
The RegisterCVE-2024-0132Critical Nvidia bug allows container escape, host takeover
A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host. The flaw, tracked as...
3 months ago
Refferences
CVSS V3.1
Timeline
- 👾
Exploit known to exist
First article discovered by The Register
Vulnerability published
Vulnerability Reserved