Organizations leveraging containerized environments are at risk of significant container escape attack compromise stemming from an incomplete fix for an NVIDIA Container Toolkit vulnerability, tracked as CVE-2024-0132, Hackread reports.
Aside from the patch failing to address a time-of-check time-of-use issue within the NVIDIA Container Toolkit, Trend Micro researchers also discovered Docker on Linux systems to be impacted by a denial-of-service flaw, both of which could be leveraged to establish and execute volume symlink-connected malicious container images. With the images facilitating host file system access and arbitrary command execution, attackers could compromise sensitive host data and proprietary AI models, as well as disrupt operations, said researchers. "The severity of these vulnerabilities should prompt organizations to take immediate action to patch their systems and better manage software risk. Given how NVIDIA has become the de facto standard for AI processing, this potentially affects every organization involved in the AI space," said Black Duck Infrastructure Security Practice Director Thomas Richards.
Aside from the patch failing to address a time-of-check time-of-use issue within the NVIDIA Container Toolkit, Trend Micro researchers also discovered Docker on Linux systems to be impacted by a denial-of-service flaw, both of which could be leveraged to establish and execute volume symlink-connected malicious container images. With the images facilitating host file system access and arbitrary command execution, attackers could compromise sensitive host data and proprietary AI models, as well as disrupt operations, said researchers. "The severity of these vulnerabilities should prompt organizations to take immediate action to patch their systems and better manage software risk. Given how NVIDIA has become the de facto standard for AI processing, this potentially affects every organization involved in the AI space," said Black Duck Infrastructure Security Practice Director Thomas Richards.
