[IUCC-HPC] Critical NVIDIA Container Toolkit flaw could allow access to the underlying host

Hank Nussbacher hank at mail.iucc.ac.il
Tue Oct 1 14:31:11 IDT 2024


Title: Critical NVIDIA Container Toolkit flaw could allow access to the underlying host
Source: Security Affairs
Date Published: September 30, 2024
Excerpt:

"Critical vulnerability CVE-2024-0132 (CVSS score 9.0) in the NVIDIA Container Toolkit could allow an attacker to escape the container and gain full access to the underlying host.

The vulnerability is a Time-of-check Time-of-Use (TOCTOU) issue that impacts NVIDIA Container Toolkit 1.16.1 or earlier.

“NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system.” reads the advisory published by NVIDIA. “This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.”

The NVIDIA Container Toolkit is a comprehensive suite designed to facilitate the deployment and management of GPU-accelerated containers. It enables users to build and run containers that leverage NVIDIA GPUs, making it particularly valuable for applications requiring high-performance computing, such as machine learning and data analysis."

To read the complete article see:

https://securityaffairs.com/169090/uncategorized/nvidia-container-toolkit-critical-flaw.html

