A critical vulnerability in the NVIDIA Container Toolkit has been identified, posing serious security threats by enabling attackers to break out of container environments and gain full access to the host system. The vulnerability, tracked as CVE-2024-0132, has been assigned a CVSS score of 9.0, indicating its severe risk level. It affects all versions of the toolkit up to and including v1.16.1 and the NVIDIA GPU Operator up to version 24.6.1. NVIDIA has released patches in versions v1.16.2 of the toolkit and 24.6.2 of the operator to address this issue.
Discovered by cloud security firm Wiz, the flaw arises from a Time-of-Check Time-of-Use (TOCTOU) vulnerability, which occurs under default configurations. Attackers could exploit this vulnerability by deploying malicious container images, which could allow them to execute code or commands on the underlying host system. This presents a significant risk, particularly in orchestrated, multi-tenant environments where multiple applications run on the same node, exposing sensitive data and secrets.
In a hypothetical attack scenario, an attacker could craft a rogue container image that, when executed on a target platform, provides full access to the file system. Such an attack could be initiated through supply chain vulnerabilities, where a victim is deceived into running the compromised image, or via services that share GPU resources. Once inside, the attacker could reach critical container runtime Unix sockets, allowing them to execute arbitrary commands with root privileges.
NVIDIA has withheld technical details of the vulnerability to prevent further exploitation. Security experts emphasize the importance of applying the patches promptly to mitigate the risk associated with this vulnerability. As the cybersecurity landscape continues to evolve, organizations are reminded that traditional infrastructure vulnerabilities still pose immediate threats, making it crucial for security teams to prioritize their defenses against such risks.
