More than 35% of cloud environments could be compromised in full host takeover intrusions involving the exploitation of a critical NVIDIA Container Toolkit container escape vulnerability, tracked as CVE-2024-0132, reports BleepingComputer.
All NVIDIA Container Toolkit versions up to 1.16.1 and GPU Operator instances up to version 24.6.1 are impacted by the flaw, which stems from the absence of secure containerized GPU isolation from the host that exposes sensitive host file system and access runtime resources to inter-process communication, according to a Wiz Research report. Threat actors could leverage shared GPU resources or a bad source-originating image to facilitate intrusions exploiting the security issue, said Wiz researchers, who did not provide more technical details regarding the bug. Meanwhile, users whose NVIDIA Container Toolkit and GPU Operator instances are affected have been urged to immediately upgrade to software iterations that address the flaw, which were released on Thursday.
