Ethical Hacking News
A critical vulnerability in NVIDIA's container toolkit has exposed hosts to complete takeover, highlighting the importance of prioritizing cloud security. With patches now available, organizations must take immediate action to safeguard their operations.
The NVIDIA Container Toolkit has a critical vulnerability (CVE-2024-0132) with a CVSS score of 9.0, tracked as TOCTOU. The vulnerability allows an attacker to execute arbitrary commands on the host system with root privileges. Only versions up to v1.16.1 and Nvidia GPU Operator up to 24.6.1 are affected; CDI use cases are not impacted. Cloud security firm Wiz discovered the flaw, which could allow an attacker to perform a container escape and gain full access to the host. The vulnerability poses a significant risk to cloud security, allowing an attacker to execute arbitrary commands with root privileges.
The cybersecurity world has just been dealt a significant blow with the discovery of a critical vulnerability in the NVIDIA Container Toolkit. This vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0 and has been addressed in NVIDIA Container Toolkit version v1.16.2 and NVIDIA GPU Operator version 24.6.2.
The NVIDIA Container Toolkit is a crucial tool for containerization, allowing developers to create, deploy, and manage containers with ease. However, the recent discovery of this vulnerability has raised serious concerns about the security of cloud-based applications built using this toolkit. According to NVIDIA, the vulnerability lies in the Time-of-Check Time-of-Use (TOCTOU) mechanism used in the default configuration of the container toolkit.
When used with default configuration, a specifically crafted container image may gain access to the host file system, allowing an attacker to execute arbitrary commands on the host system with root privileges. This is a significant concern for cloud security firms and organizations that rely heavily on the NVIDIA Container Toolkit for their operations.
The impact of this vulnerability extends beyond just the NVIDIA Container Toolkit itself. It also affects all versions of the toolkit up to and including v1.16.1, as well as Nvidia GPU Operator up to and including 24.6.1. However, it is worth noting that use cases where Container Device Interface (CDI) are used are not affected by this vulnerability.
According to cloud security firm Wiz, which discovered and reported the flaw to NVIDIA on September 1, 2024, this vulnerability could allow an attacker who controls the container images run by the Toolkit to perform a container escape and gain full access to the underlying host. This could have severe consequences for orchestrated, multi-tenant environments, where an attacker could potentially escape the container and obtain access to data and secrets of other applications running on the same node.
The problem poses a significant risk to cloud security, as it could permit an attacker to reach the Container Runtime Unix sockets (docker.sock/containerd.sock), which can be used to execute arbitrary commands on the host system with root privileges. This effectively takes control of the machine, allowing the attacker to perform malicious activities without being detected.
In light of this vulnerability, NVIDIA has released patches for v1.16.2 and 24.6.2, which users are advised to apply immediately to safeguard against potential threats. While the hype surrounding AI security risks tends to focus on futuristic AI-based attacks, "old-school" infrastructure vulnerabilities in the ever-growing AI tech stack remain a significant risk that security teams should prioritize and protect against.
Related Information:
https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html
https://www.csoonline.com/article/3541912/a-critical-nvidia-container-toolkit-bug-can-allow-a-complete-host-takeover.html
https://nvd.nist.gov/vuln/detail/CVE-2024-0132
https://www.cvedetails.com/cve/CVE-2024-0132/
https://www.recordedfuture.com/threat-intelligence-101/threat-actors/threat-actor-types
https://www.msn.com/en-us/news/other/iranian-hacker-group-apt42-impersonates-news-outlets-and-think-tanks-to-target-journalists-and-activists/ar-AA1o4a6z
Published: Fri Sep 27 23:14:40 2024 by llama3.2 3B Q4_K_M
