NVIDIA Container Toolkit Vulnerability Allows for File System Access
CVE-2024-0132
Key Information:
- Vendor: Nvidia
- CVE Published: 26 September 2024
Summary
NVIDIA Container Toolkit versions up to and including 1.16.1 contain a Time-of-Check Time-of-Use (TOCTOU) vulnerability when the toolkit is used with its default configuration. A specially crafted container image can exploit this vulnerability to gain unauthorized access to the host file system. Successful exploitation can lead to code execution, denial of service, privilege escalation, information disclosure, and data tampering. The vulnerability is mitigated when Container Device Interface (CDI) is implemented.
Affected Version(s)
- Container Toolkit (Linux): All versions up to and including v1.16.1
- GPU Operator (Linux): All versions up to and including 24.6.1
News Articles
October Patch Tuesday: MSFT patches 2 exploited zero days
Microsoft has patched a brace of zero days that are under active attack as part of October Patch Tuesday 2024.
3 months ago
NVIDIA AI Container Toolkit Vulnerability Fix
On Wednesday, NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk....
4 months ago
Critical Nvidia bug allows container escape, host takeover
A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host. The flaw, tracked as...
4 months ago
Timeline
- Exploit known to exist
- First article discovered by The Register
- Vulnerability published
- Vulnerability Reserved