By Cyber Guard Team 
A critical vulnerability, CVE-2024-0132, was identified in NVIDIA’s Container Toolkit versions up to 1.16.1. This Time-of-Check Time-of-Use (TOCTOU) flaw allows specially crafted container images to access the host file system, potentially leading to code execution, privilege escalation, and data tampering. NVD
NVIDIA released a patch in September 2024, updating the toolkit to version 1.16.2. However, Trend Micro’s recent analysis reveals that the initial fix was incomplete. The vulnerability persists in version 1.17.4 if the “allow-cuda-compat-libs-from-container” feature is enabled. Additionally, a related performance issue can cause a denial-of-service (DoS) condition on Docker instances in Linux environments. This occurs due to uncontrolled growth in the Linux mount table, leading to resource exhaustion and potential system inaccessibility.
Organizations using NVIDIA Container Toolkit or Docker in AI, cloud, or containerized environments are advised to:
- Apply the latest patch (version 1.17.4) and disable the “allow-cuda-compat-libs-from-container” feature unless necessary.
- Limit Docker API access and privileges to authorized personnel.
- Implement container image admission controls and monitor the Linux mount table for abnormal growth.
- Regularly audit container-to-host interactions and deploy runtime anomaly detection tools.
These measures are crucial to mitigate the risks associated with CVE-2024-0132 and ensure the security of AI infrastructure and data.
Register Now