CVE-2024-0132: CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass)
First published: Thu Sep 26 2024(Updated: )
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Credit: psirt@nvidia.com psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Azure Linux 3.0 ARM | ||
| Microsoft Azure Kubernetes Service Node on Ubuntu Linux | ||
| Microsoft Azure Linux 3.0 x64 | ||
| Microsoft Azure Kubernetes Service Node on Azure Linux | ||
| go/github.com/NVIDIA/nvidia-container-toolkit | <1.16.2 | 1.16.2 |
| Microsoft CBL-Mariner | ||
| Microsoft CBL-Mariner | ||
| All of | ||
| NVIDIA Container Toolkit | <1.16.2 | |
| Linux Kernel | ||
| All of | ||
| NVIDIA GPU Operator | <24.6.2 | |
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/
- https://nvidia.custhelp.com/app/answers/detail/a_id/5582
- https://www.bleepingcomputer.com/news/security/critical-flaw-in-nvidia-container-toolkit-allows-full-host-takeover/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0132 (Advisory)
- https://github.com/NVIDIA/gpu-operator/security/advisories/GHSA-95rf-r6p4-44h7
- https://github.com/NVIDIA/libnvidia-container/security/advisories/GHSA-q2v4-jw5g-9xxj
- https://github.com/NVIDIA/nvidia-container-toolkit/security/advisories/GHSA-mjjw-553x-87pq
- https://nvd.nist.gov/vuln/detail/CVE-2024-0132
- https://github.com/advisories/GHSA-mjjw-553x-87pq (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-0132?
CVE-2024-0132 is considered a critical vulnerability that allows a crafted container image to gain access to the host file system.
How do I fix CVE-2024-0132?
To mitigate CVE-2024-0132, upgrade the NVIDIA Container Toolkit to version 1.16.2 or later.
Which systems are affected by CVE-2024-0132?
CVE-2024-0132 affects NVIDIA Container Toolkit versions 1.16.1 and earlier, particularly when used with default configurations in various environments, including Azure Kubernetes and CBL Mariner.
What type of vulnerability is CVE-2024-0132?
CVE-2024-0132 is a Time-of-check Time-of-use (TOCTOU) vulnerability.
Does CVE-2024-0132 affect all use cases of NVIDIA Container Toolkit?
No, CVE-2024-0132 does not impact use cases where Container Device Interface (CDI) is utilized.
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-0132
- collector/mitre-cve
- source/MITRE
- collector/bleeping-computer
- source/BleepingComputer
- collector/msrc
- source/Microsoft
- agent/software-canonical-lookup
- agent/severity
- collector/msrc-cve
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-mjjw-553x-87pq
- agent/references
- agent/last-modified-date
- agent/author
- agent/event
- collector/github-advisory
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- agent/softwarecombine
- collector/oss-sec
- source/oss-sec
- alias/CVE-2025-23359
- agent/title
- agent/tags
- agent/source
- agent/trending
- vendor/microsoft
- canonical/microsoft azure linux 3.0 arm
- canonical/microsoft azure kubernetes service node on ubuntu linux
- canonical/microsoft azure linux 3.0 x64
- canonical/microsoft azure kubernetes service node on azure linux
- package-manager/go
- canonical/microsoft cbl-mariner
- vendor/nvidia
- canonical/nvidia container toolkit
- vendor/linux
- canonical/linux kernel
- canonical/nvidia gpu operator