September 27, 2024 at 01:14PM
NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit (CVE-2024-0132), impacting AI infrastructure and data. Exploitation could lead to code execution, denial of service, privilege escalation, and data tampering. Trend Vision One provides proactive protection, detecting and mitigating threats until patches can be applied.
The vulnerability is known as CVE-2024-0132 and it affects all versions of the NVIDIA Container Toolkit up to v1.16.1. It is described as a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. However, it does not impact use cases where Container Device Interface (CDI) is used.
Exploitation works when an attacker creates a malicious image to exploit CVE-2024-0132 and runs it on the victim’s platform, which allows them to gain access to the host file system. With this access, the threat actor can subsequently access the Container Runtime Unix sockets and execute arbitrary commands with root privileges – essentially assuming full remote control.
Trend Vision One can help by detecting CVE-2024-0132 through its Attack Surface Risk Management (ASRM) capabilities and by providing proactive protection against threats leveraging vulnerabilities across the cyber-attack surface. Additionally, NVIDIA has released patches to resolve the vulnerability, including NVIDIA Container Toolkit 1.16.2 and NVIDIA GPU Operator update to version 24.6.2.