Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments

Submitted by Style Pass, 2024-09-29 23:00:03

Wiz Research has uncovered a critical security vulnerability, CVE-2024-0132, in the widely used NVIDIA Container Toolkit, which provides containerized AI applications with access to GPU resources. This impacts any AI application – in the cloud or on-premise – that is running the vulnerable container toolkit to enable GPU support. 

The vulnerability enables attackers who control a container image executed by the vulnerable toolkit to escape from that container and gain full access to the underlying host system, posing a serious risk to sensitive data and infrastructure. 

On September 26, NVIDIA released a security bulletin along with a patched version of the affected product. Thank you to the entire NVIDIA team that worked with us throughout the disclosure process. We greatly appreciate their transparency, responsiveness, and collaboration during this engagement. 

In this post, we will provide a high-level overview of the discovery and its implications. Given the prevalence and sensitivity of this bug, we will save some of the technical details for a future installment, omitting exploit information for now so that impacted organizations have time to address the vulnerability. 
