✅ Report Title:
Quick Overview of NVIDIA Container Toolkit Escape Vulnerability
✅ Executive Summary:
- On September 26, 2024, the CVE-2024-0132 vulnerability in the NVIDIA Container Toolkit was urgently patched.
- This vulnerability was found to affect the following product versions:
> NVIDIA Container Toolkit < v1.16.4
> NVIDIA GPU Operator < 24.6.2
- On September 26, 2024, it was announced as a CVSS 3.1: 8.3 CRITICAL vulnerability, and a patch was released.
- No known exploitation cases have been identified; however, since it may impact all cloud AI applications associated with the toolkit, users are advised to enable threat detection.
📌 What caused the vulnerability?
- This vulnerability is a Container Escape issue caused by insufficient file validation in mount paths within the NVIDIA Container Toolkit.
- The NVIDIA Container Toolkit replaces the Docker daemon's default container runtime with the nvidia-container-runtime binary to support multiple container runtimes for various containerized applications.
- When running Docker, the nvidia-container-runtime binary creates containers following the Open Container Initiative (OCI) specification and performs initialization tasks such as mounting before the container is fully launched.
- During the initialization process, the NVIDIA Container Toolkit searches for specific libraries within the /usr/local/cuda/compat directory using the compat/lib*.so.* pattern.
- The identified libraries are then mounted to the actual container root path on the host filesystem: `/var/lib/docker/overlay2/<container_id>/merged`.
- However, since no file type validation is performed during the library search and mounting process, an attacker can create a symbolic link in advance using the same library name pattern. This allows an arbitrary host filesystem path to be mounted inside the container, leading to a Container Escape vulnerability.
📌 What is the attack scenario?
- The attacker creates a Dockerfile containing a symbolic link to exploit the vulnerability and gain access to the host’s filesystem path.
- To maximize privileges over the host filesystem, the attacker uses the host’s docker.sock to secure a mount path to the root filesystem.
- The attacker builds an image using the crafted Dockerfile and distributes it on Docker Hub through supply chain attack methods such as Dependency Confusion, tricking users into using it.
- When users deploy the malicious image, the attacker gains full access to the user's host machine.
✅ Recommended Threat Detection and Mitigation Actions:
- It is recommended to update threat detection rules, conduct continuous monitoring, and apply the latest patches.
- If patching is not possible, it is advised to follow the recommended mitigation measures.
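The root cause described above (no file type validation on `compat/lib*.so.*` entries) can be turned into a pre-deployment image check. The following is an added example, not code from S2W or NVIDIA: it scans a root filesystem tar (for instance one produced by `docker export`) and lists matching entries that do not end at a regular file inside the compat directory. The function names, the constructed sample archive and the "link stays inside the directory" heuristic are assumptions of this example.

```python
import fnmatch
import io
import posixpath
import tarfile

COMPAT_DIR = "usr/local/cuda/compat"  # directory named in the report
LIB_PATTERN = "lib*.so.*"             # filename pattern named in the report


def _norm(path):
    # Lexical normalisation to a root-relative name; relative link targets
    # are interpreted from COMPAT_DIR, where the scanned entries live.
    return posixpath.normpath(posixpath.join("/" + COMPAT_DIR, path)).lstrip("/")


def _ends_at_regular_file(members, name, hops=8):
    """Follow symlinks lexically; False if the chain leaves COMPAT_DIR or dangles."""
    for _ in range(hops):
        m = members.get(name)
        if m is None or posixpath.dirname(name) != COMPAT_DIR:
            return False
        if not m.issym():
            return m.isreg()  # hard links, directories and devices are flagged
        name = _norm(m.linkname)
    return False


def scan_rootfs_tar(fileobj):
    """Return (path, link target) for suspicious LIB_PATTERN entries in COMPAT_DIR."""
    with tarfile.open(fileobj=fileobj) as tar:
        members = {_norm("/" + m.name): m for m in tar.getmembers()}
    findings = []
    for name in sorted(members):
        directory, base = posixpath.split(name)
        if directory == COMPAT_DIR and fnmatch.fnmatchcase(base, LIB_PATTERN):
            if not _ends_at_regular_file(members, name):
                findings.append((name, members[name].linkname))
    return findings


def build_sample_tar():
    """Constructed sample: a library, an ordinary alias, and a link that leaves."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in (("libcuda.so.550.0", None), ("libcuda.so.1", "libcuda.so.550.0"),
                             ("libdemo.so.1", "/constructed/outside")):
            info = tarfile.TarInfo(f"{COMPAT_DIR}/{name}")
            if target is not None:
                info.type, info.linkname = tarfile.SYMTYPE, target
            tar.addfile(info)
    return io.BytesIO(buf.getvalue())
```

The resolution is purely lexical and only sees one archive, so a hit is a prompt for manual review of the image, not a verdict, and a clean result does not replace patching.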
🧑‍💻 Report Author: S2W TALON
*The full report is available upon request and for QUAXAR subscribers.