High-Risk Vulnerability Found in NVIDIA Container Toolkit Affecting AI Applications

TapTechNews, October 2nd: WizResearch published a blog post on September 26th reporting a high-risk vulnerability in the NVIDIA Container Toolkit that affects all AI applications relying on the toolkit to access GPU resources.

The vulnerability is tracked as CVE-2024-0132. Attackers can use it to perform a container escape and obtain full access to the host system, allowing them to execute commands or steal sensitive information.

Many AI-centered platforms and virtual machine images come with NVIDIA's toolkit pre-installed, as it is the standard tool for giving containers access to the GPU. According to WizResearch, more than 35% of cloud environments are at risk of being attacked using this vulnerability.

Attackers can escape from the container through a specially crafted container image and then attack the host, either directly or indirectly.


The problem lies in the lack of security isolation between the containerized GPU and the host, which lets the container mount sensitive parts of the host file system or access runtime resources such as the Unix sockets used for inter-process communication.

The severity score of CVE-2024-0132 is 9.0, affecting versions of the NVIDIA Container Toolkit prior to 1.16.1, and versions of GPU Operator prior to 24.6.1.

Although most file systems are mounted with read-only permissions, some Unix sockets, such as 'docker.sock' and 'containerd.sock', are still writable, allowing direct interaction with the host, including executing commands.
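To check whether a workload's filesystem view exposes the runtime sockets named above, an audit along the following lines can be run inside the container. This is an added example, not code from Wiz or NVIDIA; the function names and the sample directory tree are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

# Socket names taken from the article; extend for other runtimes as needed.
RUNTIME_SOCKETS = {"docker.sock", "containerd.sock"}


def find_runtime_sockets(root):
    """Report container-runtime sockets visible under `root`.

    `writable` means the current user has write permission on the socket
    inode, which is what connecting to a Unix socket requires.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in sorted(filenames):
            if name not in RUNTIME_SOCKETS:
                continue
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # vanished or unreadable; nothing to report
            if not stat.S_ISSOCK(mode):
                continue  # regular file that merely shares the name
            findings.append({"path": path, "writable": os.access(path, os.W_OK)})
    return findings


def build_constructed_tree(base):
    """Constructed sample tree: one real socket and one decoy regular file."""
    run = os.path.join(base, "run")
    os.makedirs(os.path.join(run, "containerd"))
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(os.path.join(run, "docker.sock"))
    open(os.path.join(run, "containerd", "containerd.sock"), "w").close()
    return srv  # caller closes it


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        srv = build_constructed_tree(base)
        try:
            for f in find_runtime_sockets(base):
                print(f"{f['path']} writable={f['writable']}")
        finally:
            srv.close()
```

Pointing `find_runtime_sockets` at `/` inside a GPU container shows whether a runtime socket is reachable from that workload; any entry reported as writable is a path the container should not have.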

Wiz researchers discovered this vulnerability and reported it to NVIDIA on September 1st. NVIDIA confirmed the report a few days later and released a patch on September 26th.

TapTechNews note: NVIDIA recommends that users upgrade to NVIDIA Container Toolkit version 1.16.2 and NVIDIA GPU Operator 24.6.2 as soon as possible.
