CVE-2024-0132
First published: Thu Sep 26 2024(Updated: )
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Credit: psirt@nvidia.com psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Nvidia Nvidia Container Toolkit | <1.16.2 | |
| Linux Linux kernel | ||
| All of | ||
| Nvidia Nvidia Gpu Operator | <24.6.2 | |
| Linux Linux kernel | ||
| Microsoft CBL Mariner 2.0 x64 | ||
| Microsoft Azure Linux 3.0 ARM | ||
| Microsoft Azure Kubernetes Service Node on Ubuntu Linux | ||
| Microsoft CBL Mariner 2.0 ARM | ||
| Microsoft Azure Kubernetes Service Node on Azure Linux | ||
| Microsoft Azure Linux 3.0 x64 | ||
| go/github.com/NVIDIA/nvidia-container-toolkit | <1.16.2 | 1.16.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/
- https://nvidia.custhelp.com/app/answers/detail/a_id/5582
- https://www.bleepingcomputer.com/news/security/critical-flaw-in-nvidia-container-toolkit-allows-full-host-takeover/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0132 (Advisory)
- https://github.com/NVIDIA/gpu-operator/security/advisories/GHSA-95rf-r6p4-44h7
- https://github.com/NVIDIA/libnvidia-container/security/advisories/GHSA-q2v4-jw5g-9xxj
- https://github.com/NVIDIA/nvidia-container-toolkit/security/advisories/GHSA-mjjw-553x-87pq
- https://nvd.nist.gov/vuln/detail/CVE-2024-0132
- https://github.com/advisories/GHSA-mjjw-553x-87pq (Advisory)
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-0132
- collector/mitre-cve
- source/MITRE
- collector/bleeping-computer
- source/BleepingComputer
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/msrc
- source/Microsoft
- agent/severity
- collector/msrc-cve
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-mjjw-553x-87pq
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- collector/nvd-cve
- agent/softwarecombine
- agent/event
- collector/github-advisory
- vendor/nvidia
- canonical/nvidia nvidia container toolkit
- vendor/linux
- canonical/linux linux kernel
- canonical/nvidia nvidia gpu operator
- vendor/microsoft
- canonical/microsoft cbl mariner 2.0 x64
- canonical/microsoft azure linux 3.0 arm
- canonical/microsoft azure kubernetes service node on ubuntu linux
- canonical/microsoft cbl mariner 2.0 arm
- canonical/microsoft azure linux 3.0 x64
- canonical/microsoft azure kubernetes service node on azure linux
- package-manager/go