Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers


A critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit, with a CVSS score of 9.0, has been disclosed, allowing attackers to escape container boundaries and gain full access to the host system. The flaw, present in NVIDIA Container Toolkit versions up to 1.16.1 and GPU Operator versions up to 24.6.1, stems from a Time-of-Check Time-of-Use (TOCTOU) issue. This vulnerability could enable an attacker controlling a container image to execute arbitrary commands on the host, leading to code execution, privilege escalation, and data tampering. Patches are available in Toolkit v1.16.2 and GPU Operator v24.6.2, and users are urged to update to mitigate the risk, especially in multi-tenant environments where the impact could extend to other applications and clusters.

Read More


thumb-image

Solutions