Fortra is actively researching two vulnerabilities in NVIDIA Container Toolkit, CVE-2024-0132 and CVE-2024-0133. A malicious container can exploit these vulnerabilities to gain read-only access to the host filesystem. Successful exploitation and subsequent actions can lead to code execution and privilege escalation. The greatest risk appears to be that an attacker can escape from their container and gain control over other containers on the same host.
NVIDIA has released patched versions of the affected products. Customers are advised to update to a patched version as soon as possible.
Who is affected?
The following platforms are affected by these vulnerabilities:
- NVIDIA Container Toolkit up to and including v1.16.1
- NVIDIA GPU Operator up to and including 24.6.1
What can I do?
The vendor has released patched versions of NVIDIA Container Toolkit and NVIDIA GPU Operator. Customers should update to the following patched versions as soon as possible.
- NVIDIA Container Toolkit v1.16.2
- NVIDIA GPU Operator 24.6.2
For more information, refer to NVIDIA’s security bulletin.
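To find hosts that still need the update, the following Python script (an added example, not Fortra's or NVIDIA's code) triages an inventory against the version thresholds listed above. The "host product version" inventory format, the host names, and the decision to send pre-release builds to manual review are assumptions made for this example.

```python
import re

# Last affected release per product, as listed in the advisory above.
LAST_AFFECTED = {
    "nvidia-container-toolkit": (1, 16, 1),
    "gpu-operator": (24, 6, 1),
}

# Matches 'v1.16.1', '1.16.1-1' (package revision) and '1.17.0~rc.1-1'.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?P<pre>[-~.]?rc[\w.]*)?")

def classify(product, version):
    """Return 'affected', 'patched' or 'review' for one installed version."""
    limit = LAST_AFFECTED.get(product)
    match = VERSION_RE.match(version.strip())
    if limit is None or match is None:
        return "review"  # unknown product or unparseable version string
    release = tuple(int(part) for part in match.group(1, 2, 3))
    if release <= limit:  # numeric comparison, so 1.9.0 sorts before 1.16.1
        return "affected"
    # Assumption: the advisory does not say whether pre-release builds carry
    # the fix, so release candidates are sent to manual review.
    return "review" if match.group("pre") else "patched"

def triage(inventory_text):
    """Map 'host product version' lines to {host: (product, version, status)}."""
    report = {}
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or line.lstrip().startswith("#"):
            continue  # skip blank, malformed and comment lines
        host, product, version = fields
        report[host] = (product, version, classify(product, version))
    return report

# Constructed sample inventory (hypothetical hosts and format).
SAMPLE_INVENTORY = """\
gpu-node-01 nvidia-container-toolkit 1.16.1-1
gpu-node-02 nvidia-container-toolkit v1.16.2
gpu-node-03 gpu-operator v24.6.1
gpu-node-04 gpu-operator 24.6.2
gpu-node-05 nvidia-container-toolkit 1.17.0~rc.1-1
gpu-node-06 gpu-operator unknown
"""

if __name__ == "__main__":
    for host, (product, version, status) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {product:26} {version:16} {status}")
```

Hosts reported as "review" need a manual check because their version string could not be matched to a release the advisory names.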
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.