On Wednesday, NVIDIA released an update that fixes a critical vulnerability in the NVIDIA Container Toolkit. Exploitation of this vulnerability could compromise widespread AI infrastructure and the confidentiality of the underlying data. With a CVSS v3.1 rating of 9.0, this flaw must be patched immediately. For organizations where this is not possible, Trend Vision One™ provides proactive protection against attacks that attempt to exploit it.
What is the vulnerability?
NVIDIA Container Toolkit allows users to build and run GPU-accelerated containers and is the deployment target of choice for many AI systems. CVE-2024-0132 affects all versions of the toolkit up to v1.16.1. It is described as a Time-of-Check Time-of-Use (TOCTOU) vulnerability that, when the toolkit is used in its default configuration, can lead to code execution, denial of service, privilege escalation, information disclosure, and data tampering. However, it does not affect use cases where the Container Device Interface (CDI) specifies access to the underlying device (such as an NVIDIA GPU).
According to the researchers who discovered the bug, it could allow an attacker who controls a container image run by a vulnerable NVIDIA Container Toolkit to perform a container escape and take over the underlying host system with full root privileges. In a shared environment, full root privileges result in a loss of integrity and, as a side effect, a loss of confidentiality. Essentially, all AI applications running on an affected toolkit version are affected. Researchers estimate that one-third (33%) of cloud environments are affected by CVE-2024-0132.
How does exploitation take place?
The attack looks like this:
An attacker creates a malicious image that exploits CVE-2024-0132. They then run that image on the victim's platform, either directly or indirectly (e.g. via supply chain or social engineering attacks). This gives them access to the host file system. With that access, the threat actor can reach the container runtime's Unix socket and execute arbitrary commands with root privileges. In other words, the attacker assumes full remote control.
How can Trend Vision One help?
First and foremost, we always recommend applying vendor-specific patches when available. In this case, NVIDIA has released the following patch in response to the vulnerability and we strongly recommend that customers update as soon as possible.
NVIDIA Container Toolkit 1.16.2 has been released to resolve this issue.
Updating the NVIDIA GPU Operator to version 24.6.2 also resolves issues related to this component.
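To find hosts that still need the update, the fixed versions above can be checked against an inventory. The script below is an added example, not code from NVIDIA or Trend Micro; the three-column inventory layout, the hostnames and the component labels `container-toolkit` and `gpu-operator` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage component versions for CVE-2024-0132.
CTK_FIXED="1.16.2"          # NVIDIA Container Toolkit fix named in the article
GPU_OPERATOR_FIXED="24.6.2" # NVIDIA GPU Operator fix named in the article

# Drop a leading "v" and any package/build suffix: "v1.16.1-1" -> "1.16.1".
normalize() {
  v=${1#v}
  printf '%s\n' "${v%%[-+~]*}"
}

# Succeed when version $1 is strictly lower than $2 (numeric, field by field,
# so 1.9.0 sorts below 1.16.2, which a plain string comparison gets wrong).
version_lt() {
  a="$(normalize "$1").0.0"; b="$(normalize "$2").0.0"
  for i in 1 2 3; do
    x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
  done
  return 1
}

# Print VULNERABLE, PATCHED or UNKNOWN for version $1 against fixed version $2.
classify() {
  v=$(normalize "$1")
  if ! printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+){1,2}$'; then
    echo UNKNOWN   # unparsable version: needs a manual look, never assume patched
  elif version_lt "$v" "$2"; then echo VULNERABLE
  else echo PATCHED
  fi
}

# Read "host component version" lines on stdin and append a status column.
triage() {
  while read -r host component version; do
    case $component in
      container-toolkit) fixed=$CTK_FIXED ;;
      gpu-operator)      fixed=$GPU_OPERATOR_FIXED ;;
      *) continue ;;
    esac
    printf '%s %s %s %s\n' "$host" "$component" "$version" "$(classify "$version" "$fixed")"
  done
}

# Constructed sample inventory (hypothetical hosts and layout).
sample_inventory() {
  printf '%s\n' 'gpu-node-01 container-toolkit 1.16.1-1' 'gpu-node-02 container-toolkit v1.16.2' \
    'gpu-node-03 container-toolkit 1.9.0' 'k8s-ai-01 gpu-operator v24.6.1' \
    'k8s-ai-02 gpu-operator 24.6.2' 'gpu-node-04 container-toolkit unknown'
}
sample_inventory | triage
```

In practice the inventory would come from a package manager query or asset database. Build suffixes are ignored by the comparison, so pre-release builds of a fixed version should be reviewed by hand.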
However, rapid patching is not always possible for various reasons. Trend Vision One™ – Container Security customers can use this proactive technology to discover vulnerabilities, malware, and compliance violations within container images. A scan for CVE-2024-0132 is available and is also reflected in Trend Vision One™ – Attack Surface Risk Management (ASRM).
An attacker could use an exploit for CVE-2024-0132 to create a malicious image. Trend can help you detect this vulnerability in your pipeline before the image is pushed to production. This way, container security (admission control policy enforcement) can block container images from being deployed to production if a vulnerability is detected. It also helps detect this vulnerability at runtime, giving customers complete visibility of this security issue across their environments.