February 18, 2025
Trending News

Critical Nvidia bug affects containers

  • September 30, 2024
  • 0

Nvidia warns of a critical vulnerability in its Container Toolkit that could seriously endanger cloud environments. CVE-2024-0132 receives a CVSS score of nine out of ten. Nvidia released

Critical Nvidia bug affects containers

container

Nvidia warns of a critical vulnerability in its Container Toolkit that could seriously endanger cloud environments.

CVE-2024-0132 receives a CVSS score of nine out of ten. Nvidia released a bulletin last Wednesday with more information about the vulnerability. All versions of the Container Toolkit up to and including version 1.16.1 are affected. It affects you Time of review, time of use-Vulnerability.

A specially developed container image allows malware to “escape” from a container and gain access to the host system, writes Nvidia. Successful exploitation of the vulnerability could lead to code execution Refusal of servicePrivilege escalation, information disclosure and data manipulation. This has no impact on use cases where CDI is used.

Contaminated containers

According to security firm Wiz, at least one in three cloud environments running the Nvidia Container Toolkit would be vulnerable. In a single-tenant environment, an attacker must trick the victim into installing the malicious image on their workstation.

However, the risk of exploitation is greater in shared cloud environments that allow third-party container images. The attacker then has much more freedom to infect other applications within the cluster.

Patch available

A patch is available and as with any security vulnerability, it is advisable to apply it as soon as possible. Nvidia Container Toolkit version v.1.16.2 fixes the vulnerability as well as a less critical vulnerability (CVE-2024-0133). It is also recommended to update Nvidia GPU Operator to version 24.6.2.

Source: IT Daily

Leave a Reply

Your email address will not be published. Required fields are marked *