NVIDIA security vulnerability (CVE-2024-0132)

CVE-2024-0132 is a critical vulnerability in NVIDIA Container Toolkit (versions 1.16.1 and earlier) and NVIDIA GPU Operator (versions 24.6.1 and earlier). It is classified as a Time-of-Check Time-of-Use (TOCTOU) issue, which could allow an attacker to exploit a flaw in how the container runtime accesses resources, potentially gaining access to the host file system through a specially crafted container image. This issue is mitigated in environments that utilize the Container Device Interface (CDI). Exploitation of this vulnerability can lead to container escapes, enabling code execution on the host, denial of service, privilege escalation, information disclosure, and tampering with data.

See more details on: