Critical Nvidia bug affects containers
- September 30, 2024
- 0
Nvidia warns of a critical vulnerability in its Container Toolkit that could seriously endanger cloud environments. CVE-2024-0132 receives a CVSS score of nine out of ten. Nvidia released
Nvidia warns of a critical vulnerability in its Container Toolkit that could seriously endanger cloud environments. CVE-2024-0132 receives a CVSS score of nine out of ten. Nvidia released
Nvidia warns of a critical vulnerability in its Container Toolkit that could seriously endanger cloud environments.
CVE-2024-0132 receives a CVSS score of nine out of ten. Nvidia released a bulletin last Wednesday with more information about the vulnerability. All versions of the Container Toolkit up to and including version 1.16.1 are affected. It affects you Time of review, time of use-Vulnerability.
A specially developed container image allows malware to “escape” from a container and gain access to the host system, writes Nvidia. Successful exploitation of the vulnerability could lead to code execution Refusal of servicePrivilege escalation, information disclosure and data manipulation. This has no impact on use cases where CDI is used.
According to security firm Wiz, at least one in three cloud environments running the Nvidia Container Toolkit would be vulnerable. In a single-tenant environment, an attacker must trick the victim into installing the malicious image on their workstation.
However, the risk of exploitation is greater in shared cloud environments that allow third-party container images. The attacker then has much more freedom to infect other applications within the cluster.
A patch is available and as with any security vulnerability, it is advisable to apply it as soon as possible. Nvidia Container Toolkit version v.1.16.2 fixes the vulnerability as well as a less critical vulnerability (CVE-2024-0133). It is also recommended to update Nvidia GPU Operator to version 24.6.2.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.