Summary: Security researchers at Trend Micro have identified that Nvidia’s patch for a critical vulnerability in the Nvidia Container Toolkit is incomplete, leaving systems susceptible to container escape attacks. The vulnerability, CVE-2024-0132, allows attackers to execute arbitrary commands and manipulate sensitive data. Trend Micro emphasizes the urgent need for businesses using the Nvidia Container Toolkit or Docker to reassess their security measures to mitigate risks.
Affected: Nvidia, organizations utilizing the Nvidia Container Toolkit or Docker
Keypoints:
- Vulnerability CVE-2024-0132 has a CVSS score of 9/10, indicating high severity.
- The patch fails to enforce strict checks, exposing a timing window for exploitation.
- Attackers could access sensitive host data or cause operational disruptions by exhausting resources.
- Versions up to 1.17.3 of the toolkit are vulnerable; upgraded installations may still be exploitable under certain conditions.
- Trend Micro disclosed an additional denial-of-service flaw linked to Docker on Linux systems.
- Organizations are advised to limit Docker API access and disable non-essential features in the toolkit.