September 27, 2024 at 03:56PM
NVIDIA released an update to fix a critical vulnerability in its NVIDIA Container Toolkit, affecting versions up to v1.16.1. The CVE-2024-0132 vulnerability, with a CVSS v3.1 rating of 9.0, could lead to various threats if exploited. Trend Vision One™ offers proactive protection and scanning for this vulnerability to prevent attacks.
The vulnerability is CVE-2024-0132, a Time-of-Check Time-of-Use (TOCTOU) vulnerability found in the NVIDIA Container Toolkit, affecting all versions up to v1.16.1. It could lead to severe consequences such as code execution, denial of service, escalation of privileges, information disclosure, and data tampering, potentially impacting AI applications running on the affected Toolkit.
To exploit CVE-2024-0132, an attacker creates a malicious image, runs it on the victim’s platform, and gains access to the host file system, then executes arbitrary commands with root privileges.
Trend Vision One™ can help by providing proactive protection against attacks attempting to exploit the vulnerability. Customers can apply vendor-specific patches released by NVIDIA to resolve the issue. Additionally, Trend Vision One™ offers Container Security features that enable customers to uncover vulnerabilities, malware, and compliance violations within container images, including scanning for CVE-2024-0132. This can help detect the vulnerability in the deployment pipeline before the image is pushed to production, and also provide runtime detection to ensure full visibility of the security issue across the entire environment.
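To find hosts that still need the vendor patch, the affected range stated above (all versions up to v1.16.1) can be checked against a fleet inventory. This is an added example, not code from NVIDIA or Trend Micro; the `host,version` inventory format, the host names and the status labels are constructed assumptions.

```python
import re

# Highest affected release according to the text above ("up to v1.16.1").
LAST_AFFECTED = (1, 16, 1)

# Accepts "1.16.1", "v1.16.1", package-style "1.14.6-1", or a longer banner
# string that contains the version somewhere in it.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)([-~+][0-9A-Za-z.\-]+)?")


def classify(version_text):
    """Return 'affected', 'outside-affected-range' or 'review'."""
    m = _VERSION_RE.search(version_text or "")
    if not m:
        return "review"  # missing or unparseable value: check the host by hand
    numeric = tuple(int(part) for part in m.group(1, 2, 3))
    if numeric <= LAST_AFFECTED:
        return "affected"
    suffix = m.group(4) or ""
    if re.search(r"rc|alpha|beta", suffix, re.IGNORECASE):
        return "review"  # pre-release build above the threshold: confirm manually
    return "outside-affected-range"


def audit(inventory_lines):
    """Map each host to its status; blank lines and '#' comments are skipped."""
    findings = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        findings[host.strip()] = classify(version_text)
    return findings


# Constructed sample inventory (hypothetical hosts and reported versions).
SAMPLE_INVENTORY = """\
# host,reported NVIDIA Container Toolkit version
gpu-node-01,1.16.1
gpu-node-02,v1.14.6-1
gpu-node-03,1.16.2
gpu-node-04,1.17.0-rc.1
gpu-node-05,
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY.splitlines()).items():
        print(f"{host}: {status}")
```

Hosts reported as `review` have no usable version string or run a pre-release build, so they need a manual check rather than an automatic pass.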