HQ/EMEAFind out how we can help your business
A newly discovered severe flaw in the NVIDIA Container Toolkit impacts all AI applications that use it to access GPU resources, whether in the cloud or on-premises.
Based on reports, the security vulnerability is CVE-2024-0132, which allows an unauthorised individual to execute container escape attacks and obtain full access to the targeted system, where they can execute commands or exfiltrate sensitive information.
The library is pre-installed in many AI-focused platforms and virtual machine images, and it is the default tool for GPU access when a device contains NVIDIA hardware. Researchers noted that more than 35% of cloud environments are vulnerable to these attacks.
The NVIDIA container escape flaw has a critical severity rating of 9.0 out of 10.
According to the initial assessment, the CVE-2024-0132 security vulnerability is a container escape bug that affects NVIDIA Container Toolkit 1.16.1 and earlier and GPU Operator 24.6.1 and older.
In addition, the flaw is a lack of secure isolation between the containerised GPU and the host, which allows containers to mount sensitive sections of the host filesystem or access runtime resources such as Unix sockets for inter-process communication.
While most filesystems are mounted with “read-only” permissions, some Unix sockets, such as ‘docker.sock’ and ‘containerd.sock’, are writeable, allowing direct interactions with the host, including command execution.
Subsequently, an attacker can exploit this vulnerability by running a specially constructed container image and gaining access to the host. Researchers explained that threat actors can initiate such an attack directly, using pooled GPU resources, or indirectly by having the target run an image downloaded from a malicious source. Researchers identified this new exploit and notified NVIDIA earlier this month.
On the other hand, the affected GPU manufacturer immediately acknowledged the report a few days later and issued a patch on September 26th. Hence, the company suggested that affected users upgrade their devices to NVIDIA Container Toolkit version 1.16.2 and NVIDIA GPU Operator 24.6.2.
As of now, the technical details for exploiting the security flaw remain undisclosed to enable the compromised enterprises to address the vulnerability in their respective environments and protect them from hackers who fully know how to execute an attack that exploits the flaw.
