NVIDIA Container Toolkit TOCTOU Vulnerability CVE-2024-0132

Security researchers from Wiz has uncovered a critical vulnerability in the NVIDIA Container Toolkit could allow a container to escape and gain full access to the underlying host.

The vulnerability tracked as CVE-2024-0132 with a CVSS score 9.0 is a Time-of-check Time-of-Use (TOCTOU) issue that impacts NVIDIA Container Toolkit 1.16.1 or earlier.

Advertisements

The NVIDIA Container Toolkit designed to facilitate the deployment and management of GPU-accelerated containers. It enables users to build and run containers that leverage NVIDIA GPUs, making it particularly valuable for applications requiring high-performance computing, such as machine learning and data analysis.

Researchers reported the vulnerability to NVIDIA on September 1st, 2024. The company did not disclose technical details of attacks exploiting this issue due to its impact.

This issue impacts any AI applications using a vulnerable container toolkit for GPU support, whether in the cloud or on-premises.

Mode of Operandi

Gaining full access to the file system: Attackers execute a specially designed image to exploit the vulnerability
Attackers gain full read access to the host’s file system: The attacker could execute the malicious image on the target platform either directly, such as through shared GPU services, or indirectly via supply chain or social engineering attacks.
Complete host takeover: Once obtained access to Container Runtime Unix sockets (docker.sock/containerd.sock), the attacker can execute commands with root privileges, gaining control of the host system. Despite initial read-only access, a Linux socket behavior allows attackers to write commands, exploiting this vulnerability for a full system takeover.

NVIDIA addressed the issue on September 26, 2024, with the release of the NVIDIA Container Toolkit version 1.16.2 and NVIDIA GPU Operator 24.6.2.