Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High Severity Vulnerability in NVIDIA Container Toolkit
Alerts

High Severity Vulnerability in NVIDIA Container Toolkit

3 October 2024

NVIDIA has released security updates addressing a high severity vulnerability (CVE-2024-0132) affecting their Container Toolkit and GPU Operator.

Successful exploitation of the Time-of-Check Time-of-Use (TOCTOU) vulnerability could allow an attacker to perform container escape attacks and gain access to the host file system, enabling them to perform code execution, denial of service, escalation of privileges, information disclosure and data tampering on the host machine.

The vulnerability affects the following products:

  • NVIDIA Container Toolkit versions 1.16.1 and earlier

  • NVIDIA GPU Operator versions 24.6.1 and earlier

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://nvidia.custhelp.com/app/answers/detail/a_id/5582/~/security-bulletin%3A-nvidia-container-toolkit---september-2024

https://nvd.nist.gov/vuln/detail/CVE-2024-0132

https://www.bleepingcomputer.com/news/security/critical-flaw-in-nvidia-container-toolkit-allows-full-host-takeover/

Back to top