Notice of Container Escape Vulnerability in NVIDIA Container Toolkit (CVE-2024-0132)
NVIDIA Container Toolkit is an open-source tool package from NVIDIA. It allows you to use NVIDIA GPUs to accelerate computing in a containerized environment. The toolkit includes a container runtime library and utilities for automatically configuring containers to leverage NVIDIA GPUs.
Description
Type |
CVE-ID |
Severity |
Discovered |
---|---|---|---|
Container escape |
Critical |
2024-09-26 |
Impact
In NVIDIA Container Toolkit v1.16.1 and earlier versions, an attacker can run a malicious image, which may result in container escape and enables the attacker to obtain host permissions. Successful exploitation of this vulnerability may enable code execution, DoS, privilege escalation, information leakage, and data tampering.
Identification Method
- If the cluster does not have the CCE AI Suite (NVIDIA GPU) add-on installed or if the add-on version is earlier than 2.0.0, this vulnerability is not relevant.
In earlier versions, CCE AI Suite (NVIDIA GPU) add-on are named gpu-beta or gpu-device-plugin.
- If CCE AI Suite (NVIDIA GPU) version is 2.0.0 or later, you can log in to the target GPU node and run the following command:
nvidia-container-runtime --version
Mitigation
Do not run an untrusted container image in the cluster before the vulnerability is fixed.
CCE will release a new version of the CCE AI Suite (NVIDIA GPU) add-on to fix this vulnerability. Pay attention to CCE AI Suite (NVIDIA GPU) Release History.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot