September 27, 2024 at 11:18AM
NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, impacting AI infrastructure. CVE-2024-0132 affects all Toolkit versions up to v1.16.1, allowing threat actors to execute arbitrary commands with root privileges. Trend Vision One offers proactive protection against exploitation, detecting CVE-2024-0132 through Attack Surface Risk Management capabilities. Rapid patching is always recommended.
The vulnerability is a Time-of-Check Time-of-Use (TOCTOU) vulnerability in the NVIDIA Container Toolkit, affecting all versions up to v1.16.1. This flaw could lead to various risks including code execution, denial of service, escalation of privileges, information disclosure, and data tampering. It enables a threat actor to perform a container escape and gain full root privileges, allowing access to sensitive data in shared environments. It is estimated to affect approximately 33% of cloud environments.
The exploitation involves an attacker creating a malicious image to exploit the vulnerability, running the image on the victim’s platform to gain access to the host file system, and subsequently accessing the Container Runtime Unix sockets to execute arbitrary commands with root privileges.
Trend Vision One can help by detecting CVE-2024-0132 through its Attack Surface Risk Management (ASRM) capabilities. It is also recommended that users apply vendor-specific patches to resolve the vulnerability. NVIDIA has released patches for the NVIDIA Container Toolkit and NVIDIA GPU Operator to address these issues and customers are encouraged to update as soon as possible.