CVE-2024-0132

9.0 CRITICAL

📋 TL;DR

A time-of-check/time-of-use (TOCTOU) vulnerability in NVIDIA Container Toolkit 1.16.1 and earlier lets a specially crafted container image gain access to the host file system when the toolkit is used in its default (non-CDI) configuration. Because the toolkit's hook runs on the host with elevated privileges while a container is being started, a successful escape can lead to host compromise: code execution, privilege escalation, information disclosure or data tampering. Deployments that expose GPUs through CDI (Container Device Interface) are not affected.

💻 Affected Systems

Products:
  • NVIDIA Container Toolkit
Versions: 1.16.1 and earlier
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when GPUs are injected through the toolkit's legacy runtime hook (the default, e.g. `--runtime=nvidia` / `--gpus`). Deployments that use CDI (Container Device Interface) to expose GPUs are not affected by this vulnerability.

📦 What is this software?

The NVIDIA Container Toolkit lets container runtimes such as Docker, containerd, CRI-O and Podman expose NVIDIA GPUs to containers. In its default (legacy) mode a runtime hook runs on the host at container start and mounts driver libraries and device nodes into the container's root file system; in CDI mode the devices are instead described in a spec file (for example /etc/cdi/nvidia.yaml) that the runtime itself consumes, so the hook is not used.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full host compromise with root-level code execution, complete data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Container escape leading to host file system access, privilege escalation, and potential data theft from the host.

🟢

If Mitigated

Limited impact: with CDI in use the vulnerable hook path is not exercised, and with image provenance controls (signed images from trusted registries only) an attacker cannot get a crafted image onto the host in the first place.

🌐 Internet-Facing: MEDIUM - Requires pulling and running malicious container images, which could happen through compromised registries or supply chain attacks.
🏢 Internal Only: HIGH - Internal users with container deployment privileges could exploit this to gain host access and escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the ability to get a malicious container image pulled and started on a host where the toolkit's legacy hook is in use. No host credentials are needed beyond that: anyone who can run a container with GPU access (a CI job, a multi-tenant ML platform user, a compromised registry or supply-chain step) is in a position to exploit it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.16.2 or later (for NVIDIA GPU Operator deployments, 24.6.2 or later per the vendor advisory)

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5582

Restart Required: Yes

Instructions:

1. Update NVIDIA Container Toolkit to version 1.16.2 or later.
2. Restart the container runtime services.
3. Verify the update with the 'nvidia-ctk version' command.

🔧 Temporary Workarounds

Enable CDI Mode

Platform: Linux

Use the Container Device Interface (CDI), which is not affected by this vulnerability. Generate a CDI spec for the installed driver, confirm the devices it exposes, and then start GPU containers through CDI device names instead of the legacy hook:

nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml
nvidia-ctk cdi list
podman run --rm --device nvidia.com/gpu=all ubuntu nvidia-smi

Configure the container runtime to use CDI (Podman supports CDI natively; for Docker and containerd, enable their CDI support and reference devices as nvidia.com/gpu=...). Note that the spec must be regenerated after a driver update, and that containers still started with `--runtime=nvidia` or `--gpus` keep using the vulnerable legacy path.

Restrict Container Image Sources

Platform: Linux

Only allow trusted container registries and enforce image signing, so that a crafted image cannot reach the host. For Docker, enable content trust (`export DOCKER_CONTENT_TRUST=1`); for Podman/CRI-O, use a signature policy in /etc/containers/policy.json that rejects unsigned images and unknown registries.

🧯 If You Can't Patch

  • Enable CDI mode for all NVIDIA GPU container deployments and stop using `--runtime=nvidia` / `--gpus`
  • Implement strict container image validation: only signed images from trusted registries, and no user-supplied images on GPU hosts

🔍 How to Verify

Check if Vulnerable:

Run 'nvidia-ctk version'; if the reported toolkit version is 1.16.1 or earlier and GPUs are exposed through the legacy hook (not CDI), the host is vulnerable. Compare versions numerically, not as strings (1.16.10 is newer than 1.16.2).

Check Version:

nvidia-ctk version

Verify Fix Applied:

Run 'nvidia-ctk version' and confirm version is 1.16.2 or later
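The version check above is easy to get wrong with a plain string comparison, and it needs to be scriptable across a fleet. The following shell script is an added example, not code from the NVIDIA advisory or the toolkit project: it parses `nvidia-ctk version` output (the exact wording of that output is an assumption; only the X.Y.Z token is relied on), compares the version numerically against the first fixed release, and also reports whether a CDI spec is present on the host.

```shell
#!/bin/sh
# Added example (not from the NVIDIA advisory or the toolkit project):
# decide whether an installed NVIDIA Container Toolkit is in the
# CVE-2024-0132 affected range (<= 1.16.1) using a numeric version
# comparison, so that e.g. 1.16.10 is not mistaken for an old release.

FIXED_VERSION="1.16.2"   # first fixed release per the vendor advisory

# Compare two dotted versions numerically; prints -1, 0 or 1.
vercmp() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 3 ]; do
        pa=$(printf '%s' "$a" | cut -d. -f"$i")
        pb=$(printf '%s' "$b" | cut -d. -f"$i")
        pa=${pa:-0}; pb=${pb:-0}
        if [ "$pa" -lt "$pb" ]; then printf '%s\n' -1; return 0; fi
        if [ "$pa" -gt "$pb" ]; then printf '%s\n' 1; return 0; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# Pull the first X.Y.Z token out of `nvidia-ctk version` output
# (wording of that output is assumed; only the version token matters).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Exit 0 when the version is in the affected range, 1 otherwise.
is_affected() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Assess raw `nvidia-ctk version` output.
# Exit code: 0 = affected, 1 = fixed, 2 = could not determine.
assess() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "could not parse toolkit version from output"
        return 2
    fi
    if is_affected "$v"; then
        echo "nvidia-ctk $v: AFFECTED by CVE-2024-0132 (update to >= $FIXED_VERSION or move to CDI)"
        return 0
    fi
    echo "nvidia-ctk $v: fixed (>= $FIXED_VERSION)"
    return 1
}

# Live run on the current host, if the toolkit is installed.
if command -v nvidia-ctk >/dev/null 2>&1; then
    assess "$(nvidia-ctk version 2>&1)"
    # A CDI spec only helps if the runtime is actually configured to use it;
    # this just reports whether one has been generated.
    if [ -f /etc/cdi/nvidia.yaml ] || [ -f /var/run/cdi/nvidia.yaml ]; then
        echo "CDI spec present: confirm GPU containers are started via CDI device names"
    else
        echo "no CDI spec found: GPU containers are using the legacy hook"
    fi
fi
```

Run it as root on each GPU host (or ship it through your configuration-management tool) and key off the exit code of `assess`: 0 means the host is in the affected range and still needs the update or a verified CDI configuration.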

📡 Detection & Monitoring

Log Indicators:

  • Image pulls or container starts on GPU hosts from registries outside your allow-list
  • Processes inside GPU containers reading or writing host paths that the image should not be able to see
  • Privilege escalation attempts originating from a container context shortly after a GPU container start

Runtime Indicators:

  • GPU container starts (the toolkit hook runs during container start, which is where the TOCTOU window exists) involving images that were pushed or retagged shortly before use
  • Suspicious container image layer downloads on GPU hosts

SIEM Query (pseudo-query; adapt the field names to your schema):

container.runtime=nvidia AND (event.action=bind_mount OR event.action=host_access) AND container.image.registry NOT IN (trusted_registries)
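The pseudo-query above hinges on "image registry not in the trusted set", and the catch is that Docker Hub images carry no registry prefix: `nginx:latest` and `myorg/app:1.0` both live on docker.io, while `localhost:5000/app` and `registry.example.com/ml/train` name an explicit host. The following shell script is an added example, not part of the original page or of any NVIDIA tooling: it normalises image references to their registry using the Docker/OCI naming convention and flags `container start` events whose registry is not allow-listed. The input lines are constructed to resemble `docker events` output; that format and the sample data are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): flag container starts on a
# GPU host whose image comes from a registry outside an allow-list.
# Input: `docker events`-style lines on stdin.

# Derive the registry host from an image reference. Docker/OCI rule: the
# first path component is a registry only if it contains '.' or ':' or is
# "localhost"; otherwise the image is on Docker Hub (docker.io).
image_registry() {
    ref="$1"
    case "$ref" in
        */*) first="${ref%%/*}" ;;
        *)   printf '%s\n' docker.io; return 0 ;;
    esac
    case "$first" in
        *.*|*:*|localhost) printf '%s\n' "$first" ;;
        *)                 printf '%s\n' docker.io ;;
    esac
}

# Exit 0 if registry $1 is in the space-separated allow-list $2.
is_trusted() {
    for t in $2; do
        [ "$1" = "$t" ] && return 0
    done
    return 1
}

# Read events on stdin; print one UNTRUSTED line per `container start`
# whose image registry is not in the allow-list ($1). Other event types
# and lines without an image= attribute are ignored.
flag_untrusted_starts() {
    allow="$1"
    while IFS= read -r line; do
        kind=$(printf '%s\n' "$line" | awk '{print $2, $3}')
        [ "$kind" = "container start" ] || continue
        image=$(printf '%s\n' "$line" | sed -n 's/.*image=\([^,)]*\).*/\1/p')
        [ -n "$image" ] || continue
        reg=$(image_registry "$image")
        if ! is_trusted "$reg" "$allow"; then
            id=$(printf '%s\n' "$line" | awk '{print $4}')
            printf 'UNTRUSTED registry=%s image=%s container=%s\n' "$reg" "$image" "$id"
        fi
    done
}

# Constructed sample events in the shape `docker events` prints; not real data.
SAMPLE_EVENTS='2024-09-26T10:00:01.000000000Z image pull ghcr.io/attacker/gpu-job:latest (name=ghcr.io/attacker/gpu-job)
2024-09-26T10:00:02.000000000Z container create 3f2a1b (image=ghcr.io/attacker/gpu-job:latest, name=job1)
2024-09-26T10:00:03.000000000Z container start 3f2a1b (image=ghcr.io/attacker/gpu-job:latest, name=job1)
2024-09-26T10:00:04.000000000Z container start 9c8d7e (image=registry.example.com/ml/train:2.1, name=train)
2024-09-26T10:00:05.000000000Z container start 5e4f3a (image=nvidia/cuda:12.4.0-base-ubuntu22.04, name=cuda)
2024-09-26T10:00:06.000000000Z container start 1a2b3c (image=localhost:5000/dev/test:1, name=dev)'

# Number of UNTRUSTED findings in the sample for a given allow-list.
count_untrusted() {
    printf '%s\n' "$SAMPLE_EVENTS" | flag_untrusted_starts "$1" | grep -c UNTRUSTED
}

# Stand-alone run over the sample: flags the ghcr.io and localhost:5000 starts.
printf '%s\n' "$SAMPLE_EVENTS" | flag_untrusted_starts "docker.io registry.example.com"
```

For live use, feed `docker events --filter type=container --filter event=start` into `flag_untrusted_starts` on each GPU host, or apply the same registry normalisation to the image field of your container runtime logs before the SIEM comparison; without it, every Docker Hub image will look like it has an empty registry and either always or never match the allow-list.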

🔗 References

  • NVIDIA Security Bulletin: https://nvidia.custhelp.com/app/answers/detail/a_id/5582