PT-2024-6648 · Nvidia+2 · Nvidia Container Toolkit+2
Published: 2024-09-25
Updated: 2026-02-17
CVE-2024-0132
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
NVIDIA Container Toolkit versions 1.16.1 and earlier
Description
The NVIDIA Container Toolkit contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with the default configuration, allowing a specially crafted container image to gain access to the host file system. This vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. It is estimated that over 35% of cloud environments utilizing NVIDIA GPUs are at risk. The vulnerability has been exploited in real-world incidents, allowing attackers to break out of containers and gain full access to the host system.
Recommendations
NVIDIA Container Toolkit version 1.16.1 and earlier: Upgrade to version 1.16.2 or later to fix the vulnerability.
NVIDIA Container Toolkit version 1.17.4 and earlier: Update to the latest version and restrict access to privileged runtime sockets.
As a temporary workaround, consider disabling the use of specially crafted container images until a patch is available.
Restrict access to the host file system to minimize the risk of exploitation.
Exploit
Fix
DoS
Time Of Check To Time Of Use
Affected Products
NVIDIA Container Toolkit
Red OS
SUSE