A newly discovered vulnerability in the NVIDIA Container Toolkit (CVE-2024-0132) could allow attackers to break out of containerized environments and gain access to sensitive data and systems.
The vulnerability, discovered by Wiz researchers, affects both cloud-based and on-premises AI applications using the toolkit, which is widely used to enable GPU support in containers.
According to Wiz, this exposes organizations to the risk of data breaches, loss of control over infrastructure and potential exposure of customer information.
Shared environments, such as those using Kubernetes, are especially vulnerable, as attackers could access data and resources across entire clusters.
High-Risk Environments
The vulnerability poses significant risks in several scenarios:
- Single-tenant environments where malicious container images could compromise a user's system
- Multi-tenant platforms like Kubernetes, where a container breakout could impact other applications sharing the same GPU resources
- AI service providers, where a breach could expose other customers' data, models, and secrets
NVIDIA's toolkit is a crucial component in enabling GPU usage within containers, which are a cornerstone of modern AI workflows.
Its widespread adoption has made the flaw a significant security concern, particularly for AI developers and cloud service providers.
Wiz researchers noted that this vulnerability underscores the need for more robust security measures in AI infrastructures.
They recommend that organizations do not rely solely on containers for isolation, urging the use of additional layers like virtualization to safeguard sensitive data and workloads.
NVIDIA issued a patch for the vulnerability on September 26 2024.
Affected organizations are urged to update the NVIDIA Container Toolkit to version 1.16.2 and the NVIDIA GPU Operator to version 24.6.2.
This is particularly critical for environments that allow third-party container images or where users may run untrusted AI models.
Image credit: Juan Roballo / Shutterstock.com