Critical Vulnerability in NVIDIA Container Toolkit Allows Complete Host System Control

September 29, 2024

A severe security vulnerability has been identified in the NVIDIA Container Toolkit. The flaw, tracked as CVE-2024-0132, affects any AI application in cloud or on-premise environments that uses the toolkit to access GPU resources. It could enable an attacker to perform a container escape and gain unrestricted access to the host system, which could then be used to execute commands or extract sensitive data. The NVIDIA Container Toolkit is the standard tool for GPU access where NVIDIA hardware is involved and comes pre-installed on many AI-focused platforms and virtual machine images.

According to research by Wiz, over 35% of cloud environments are susceptible to attacks that exploit this vulnerability. The severity of the CVE-2024-0132 vulnerability has been rated as critical, with a score of 9.0. The vulnerability affects NVIDIA Container Toolkit 1.16.1 and earlier, as well as GPU Operator 24.6.1 and older. The root cause of the problem is the lack of secure isolation of the containerized GPU from the host. This allows containers to mount sensitive parts of the host filesystem or access runtime resources, such as Unix sockets used for inter-process communication.

Although most of the exposed filesystems are mounted read-only, certain Unix sockets, including 'docker.sock' and 'containerd.sock', remain writable. Writable access to these sockets allows direct interaction with the host, including command execution. An attacker could exploit the vulnerability with a specially crafted container image that gains access to the host system when the image is run. Wiz researchers note that an attack could occur either directly, through shared GPU resources, or indirectly, when a malicious image from an untrustworthy source is executed.

The vulnerability was discovered by Wiz researchers and reported to NVIDIA on September 1st. NVIDIA acknowledged the report a few days later and released a patch on September 26th. Users impacted by this vulnerability are urged to upgrade to NVIDIA Container Toolkit version 1.16.2 and NVIDIA GPU Operator 24.6.2. Further technical details about the vulnerability are currently being withheld to give affected organizations time to address the issue in their environments. However, the researchers plan to release more information in the future.
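The two things a defender can act on from this report are the fixed version numbers and the fact that writable Docker and containerd sockets are the path from an escaped container to host command execution. The script below is an added example, not code from NVIDIA, Wiz or the article: it checks whether an installed toolkit or GPU Operator is below the first fixed release, and, going slightly beyond the article, inventories running containers that already have one of those host sockets bind-mounted read-write, since those containers would give an escaped process the most direct route to the host. It assumes that `nvidia-ctk --version` prints a line containing a dotted x.y.z version and that `docker inspect` returns the standard JSON array whose `Mounts` entries carry `Type`, `Source`, `Destination` and `RW`; the sample banner, operator version and container records are constructed so the example runs offline.

```python
"""Triage helper for CVE-2024-0132 (NVIDIA Container Toolkit).

Added example, not NVIDIA's, Wiz's or the article's code. Two checks:
  1. Version check against the first fixed releases named in the advisory
     (toolkit 1.16.2, GPU Operator 24.6.2).
  2. Exposure inventory: running containers with a read-write bind mount of
     docker.sock or containerd.sock, the host sockets the advisory calls out.
Assumed input formats: a `nvidia-ctk --version` banner containing an x.y.z
version, and `docker inspect` JSON with the usual "Mounts" list.
"""
import json
import re

# First fixed releases from the advisory; anything lower is affected.
FIXED_VERSIONS = {
    "nvidia-container-toolkit": (1, 16, 2),
    "gpu-operator": (24, 6, 2),
}

# Host sockets the advisory describes as writable from an escaped container.
SENSITIVE_SOCKETS = {
    "/var/run/docker.sock",
    "/run/docker.sock",
    "/var/run/containerd/containerd.sock",
    "/run/containerd/containerd.sock",
}


def parse_version(text):
    """Pull the first x.y.z triple out of a version string or CLI banner."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(component, version_text):
    """True when the installed version is below the first fixed release."""
    return parse_version(version_text) < FIXED_VERSIONS[component]


def writable_socket_mounts(inspect_json):
    """Return (container, host path, container path) for every read-write
    bind mount of a sensitive host socket in `docker inspect` JSON."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for mount in container.get("Mounts", []):
            if (mount.get("Type") == "bind"
                    and mount.get("Source") in SENSITIVE_SOCKETS
                    and mount.get("RW", False)):
                findings.append((name, mount["Source"], mount.get("Destination")))
    return findings


def triage(toolkit_banner, operator_version, inspect_json):
    """Combine both checks into one report."""
    return {
        "toolkit_vulnerable": is_vulnerable("nvidia-container-toolkit", toolkit_banner),
        "operator_vulnerable": is_vulnerable("gpu-operator", operator_version),
        "writable_socket_mounts": writable_socket_mounts(inspect_json),
    }


# Constructed sample data: a pre-patch toolkit banner (assumed format), a
# pre-patch operator chart version, and two fake containers, one of which has
# the Docker socket mounted read-write.
SAMPLE_TOOLKIT_BANNER = "NVIDIA Container Toolkit CLI version 1.16.1\ncommit: 0000000"
SAMPLE_OPERATOR_VERSION = "v24.6.1"
SAMPLE_INSPECT_JSON = json.dumps([
    {"Name": "/ml-training", "Mounts": [
        {"Type": "bind", "Source": "/data", "Destination": "/data", "RW": True}]},
    {"Name": "/ci-runner", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True}]},
])


if __name__ == "__main__":
    report = triage(SAMPLE_TOOLKIT_BANNER, SAMPLE_OPERATOR_VERSION, SAMPLE_INSPECT_JSON)
    print(json.dumps(report, indent=2))
```

On a real host, feed `triage()` the captured output of `nvidia-ctk --version` and `docker inspect $(docker ps -q)`, and the GPU Operator version from your Helm release. A `toolkit_vulnerable` or `operator_vulnerable` result of `True` means upgrade to 1.16.2 / 24.6.2 before anything else; a non-empty `writable_socket_mounts` list is not itself the CVE but marks the containers whose compromise would most directly yield host control, so they belong at the top of the patch and image-provenance review.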
