NVIDIA Container Toolkit Vulnerability Allows for File System Access

Summary

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

News Articles

The Stack

CVE-2024-0132CVE-2024-29847

October Patch Tuesday: MSFT patches 2 exploited zero days

Microsoft has patched a brace of zero days that are under active attack as part of October Patch Tuesday 2024.

1 month ago

Trend Micro

CVE-2024-0132

NVIDIA AI Container Toolkit Vulnerability Fix

On Wednesday, NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk....

2 months ago

CVE-2024-0132

Critical Nvidia bug allows container escape, host takeover

A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host. The flaw, tracked as...

2 months ago

More News...