A vital vulnerability in NVIDIA Container Toolkit impacts all AI functions in a cloud or on-premise setting that depend on it to entry GPU sources.
The security challenge is tracked as CVE-2024-0132 and permits an adversary to carry out container escape assaults and achieve full entry to the host system, the place they might execute instructions or exfiltrate delicate info.
The actual library comes pre-installed in lots of AI-focused platforms and digital machine pictures and is the usual instrument for GPU entry when NVIDIA {hardware} is concerned.
Based on Wiz Analysis, greater than 35% of cloud environments are susceptible to assaults exploiting the vulnerability.
Supply: Wiz
Container escape flaw
The security challenge CVE-2024-0132 acquired a critical-severity rating of 9.0. It’s a container escape drawback that impacts NVIDIA Container Toolkit 1.16.1 and earlier, and GPU Operator 24.6.1 and older.
The issue is a scarcity of safe isolation of the containerized GPU from the host, permitting containers to mount delicate components of the host filesystem or entry runtime sources like Unix sockets for inter-process communication.
Whereas most filesystems are mounted with “read-only” permissions, sure Unix sockets corresponding to ‘docker.sock’ and ‘containerd.sock’ stay writable, permitting direct interactions with the host, together with command execution.
An attacker can reap the benefits of this omission by way of a specifically crafted container picture and attain the host when executed.
Wiz says that such an assault could possibly be carried out both straight, by way of shared GPU sources, or not directly, when the goal runs a picture downloaded from a nasty supply.
Wiz researchers found the vulnerability and reported it to NVIDIA on September 1st. The GPU maker acknowledged the report a few days later, and launched a repair on September twenty sixth.
Impacted customers are advisable to improve to NVIDIA Container Toolkit model 1.16.2 and NVIDIA GPU Operator 24.6.2.
Technical particulars for the exploiting the security challenge stay non-public for now, to present impacted organizations time to mitigate the problem of their environments. Nonetheless, the researchers are planning to launch extra technical info.
