NVIDIA Container Toolkit and GPU Operator carried a critical vulnerability that allowed threat actors to access the underlying host’s file system, experts warn.
Cybersecurity researchers at Wiz discovered and reported the flaw, tracked as CVE-2024-0132, and has a vulnerability rating of 9.0/10 – critical, to Nvidia on September 1, 2024.
It is described as a Time-of-Check Time-of-Use (TOCTOU) vulnerability. To be exploitable, the tools must be set to default configurations. A threat actor can then create a special container image that gives them access to the host file system.
Different environments are at risk
“Successful exploitation of this vulnerability could lead to code execution, denial of service, escalation of privilege, information disclosure, and data tampering,” the company said in a security advisory.
The bug affected all NVIDIA Container Toolkit versions up to v.1.16.2, and all NVIDIA GPU Operator versions up to 24.6.2, which were the first to fix the bug. It is also worth noting that the vulnerability does not work when Container Device Interface (CDI) is used.
“The urgency with which you need to resolve the vulnerability depends on the architecture of your environment and the level of trust you place in running images,” the researchers said in their technical paper. “Any environment that allows the use of third-party container images or AI models – internally or as-a-service – is at greater risk, as this vulnerability can be exploited via a malicious image.”
They highlighted that single-tenant computing environments could be at risk if a user downloads a malicious container image from an untrusted source, giving the crooks access to the workstation. In orchestrated environments such as Kubernetes (K8), an attacker with permission to deploy a container can gain access to data and secrets from other applications running on the same node or cluster.
Via The hacker news