The Nvidia Container Toolkit for Linux, a set of tools that allows devs to build and run GPU-accelerated containers using Docker, or other container runtimes, carries a vulnerability that allows threat actors to gain access to the host file system and thus execute malicious code remotely, run denial of service attacks, escalate privileges, steal sensitive information, or tamper with the victim’s data.
Apparently, the previous bug is tracked as CVE-2024-0132, and has a 9.0 severity score, making it critical, as it could allow malicious actors to mount the host's root file system into a container, granting them free access to virtually anything.
It was assigned a severity score of 8.3, and was said to affect all versions of Container Toolkit up to and including 1.17.3, and all versions up to and including 24.9.1 of GPU Operator.
Nvidia says the issue was fixed in September 2024, and to address the issue, users are advised to apply the released patches, and make sure not to disable the "--no-cntlibs" flag in production environments, it was said.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!.
