Critical NVIDIA AI Vulnerability Discovered by Wiz Research: Impacts Over 35% of Cloud Environments Using NVIDIA GPUs


Wiz Research has uncovered a critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit, widely used for AI applications in both cloud and on-premise environments. This vulnerability poses a severe risk, particularly to containers running on NVIDIA GPUs, and affects more than 35% of cloud environments globally. The flaw allows attackers to escape container boundaries and gain full access to the host system, exposing sensitive data and critical infrastructure. NVIDIA has promptly addressed this issue by releasing a patch, and organizations are strongly advised to update their systems to mitigate the risks.

The vulnerability discovered by Wiz Research is found within the NVIDIA Container Toolkit, a popular solution that enables AI applications to utilize GPUs within containerized environments. The toolkit, widely adopted across industries, facilitates GPU sharing among various workloads, which has become essential with the growth of AI and cloud technologies.

“On September 26, NVIDIA released a security bulletin along with a patched version of the affected product. Thank you to the entire NVIDIA team that worked with us throughout the disclosure process. We greatly appreciate their transparency, responsiveness, and collaboration during this engagement.” (Wiz)

This flaw, CVE-2024-0132, allows malicious actors who control a container image to escape from that container and gain access to the underlying host machine. Once inside, attackers can access confidential data, tamper with the system, and potentially disrupt other workloads running on the same infrastructure. This is particularly alarming for shared cloud environments, where multiple tenants often share the same resources, making the risk of cross-tenant data breaches significant.

Implications for Cloud and AI Environments:
In shared or hybrid cloud environments, the threat extends beyond individual users or organizations. AI service providers allowing customers to run their own GPU-enabled container images are especially vulnerable. Attackers can deploy a malicious container, gain access to sensitive data, and target other cloud tenants.

For example, an attacker could exploit the vulnerability to steal the credentials of other users or gain unauthorized access to proprietary AI models and datasets. The implications are severe for industries relying on cloud-based AI infrastructure, such as finance, healthcare, and government sectors.

Who is Affected?

  • NVIDIA Container Toolkit: All versions up to and including v1.16.1 are vulnerable.
  • NVIDIA GPU Operator: All versions up to and including 24.6.1 are affected.
  • Cloud Environments: Over 35% of cloud environments that use NVIDIA GPUs are at risk, particularly those using third-party container images or models from untrusted sources.

The NVIDIA Container Toolkit has become the standard for integrating GPU support in containerized environments, and it’s often pre-installed in AI platforms. This widespread adoption increases the potential impact of this vulnerability, especially for multi-tenant cloud services.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

| CVE ID | Description | Vector | Base Score | Severity | CWE | Impacts |
|---|---|---|---|---|---|---|
| CVE-2024-0132 | NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | Critical | CWE-367 | Code execution, denial of service, escalation of privileges, information disclosure, data tampering |
| CVE-2024-0133 | NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. | AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N | 4.1 | Medium | CWE-367 | Data tampering |

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

Security Updates

The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.

To protect your system, install the software update as described in the installation section of the NVIDIA Container Toolkit documentation and the NVIDIA GPU Operator documentation.

| CVE IDs Addressed | Affected Products | Platform or OS | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE-2024-0132, CVE-2024-0133 | NVIDIA Container Toolkit | Linux | All versions up to and including v1.16.1 | v1.16.2 |
| CVE-2024-0132, CVE-2024-0133 | NVIDIA GPU Operator | Linux | All versions up to and including 24.6.1 | 24.6.2 |

Mitigation and Response:
NVIDIA released a patch (v1.16.2) on September 26, 2024, addressing this critical vulnerability. Organizations are advised to update both the NVIDIA Container Toolkit and the NVIDIA GPU Operator (v24.6.2). Special attention should be given to environments where third-party or untrusted container images are used, as these present the highest risk.
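
A fleet triage check built from the version thresholds in the advisory table above, as an added example that is not from the article, Wiz or NVIDIA. The inventory records, the `cdi` flag (a host that uses CDI exclusively) and the status labels are assumptions made for illustration.

```python
import re

# Fixed releases, taken from the advisory table on this page.
FIXED = {
    "nvidia-container-toolkit": (1, 16, 2),
    "gpu-operator": (24, 6, 2),
}

# Constructed sample inventory: host names, versions and the "cdi" flag are made up.
INVENTORY = [
    {"host": "gpu-node-01", "product": "nvidia-container-toolkit", "version": "1.16.1"},
    {"host": "gpu-node-02", "product": "nvidia-container-toolkit", "version": "v1.16.2"},
    {"host": "gpu-node-03", "product": "nvidia-container-toolkit", "version": "1.16.2-rc.1"},
    {"host": "gpu-node-04", "product": "nvidia-container-toolkit", "version": "1.15.0", "cdi": True},
    {"host": "k8s-cluster-a", "product": "gpu-operator", "version": "v24.6.1"},
    {"host": "k8s-cluster-b", "product": "gpu-operator", "version": "24.9.0"},
    {"host": "gpu-node-05", "product": "nvidia-container-toolkit", "version": "unknown"},
]

def parse_version(text):
    """Parse 'v1.16.2', '1.16.1-1' or '1.16.2-rc.1' into (major, minor, patch, final)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)([-~+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = tuple(int(g) for g in m.groups()[:3])
    # A release candidate of the fixed version sorts before the final release.
    final = 0 if (m.group(4) or "").startswith(("-rc", "~rc")) else 1
    return nums + (final,)

def triage(record):
    """Classify one inventory record against the fixed versions."""
    fixed = FIXED.get(record["product"])
    if fixed is None:
        return "not-applicable"
    try:
        installed = parse_version(record["version"])
    except ValueError:
        return "unknown-version"  # never treat an unparsable version as safe
    if installed >= fixed + (1,):
        return "patched"
    # The bulletin says CDI use cases are not impacted; the version is still old.
    return "affected-version-cdi-only" if record.get("cdi") else "affected"

def report(inventory):
    return {r["host"]: triage(r) for r in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:15} {status}")
```
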

10 Tips to Prevent Similar Threats:

  1. Apply Security Patches Promptly: Regularly update software and apply patches as soon as they become available to close security gaps.
  2. Restrict Container Privileges: Limit the privileges of containers to reduce the risk of container escapes.
  3. Use Trusted Sources for Container Images: Only use container images from trusted and verified sources to minimize exposure to malicious content.
  4. Enable Runtime Security Monitoring: Implement real-time monitoring to detect and prevent unauthorized activities in containerized environments.
  5. Implement Strong Access Controls: Ensure that only authorized personnel can deploy and manage containers, and regularly review access permissions.
  6. Segregate Workloads: Separate sensitive workloads from general-purpose workloads to reduce the risk of cross-environment breaches.
  7. Enforce Multi-Factor Authentication (MFA): Protect administrative accounts and services with MFA to mitigate credential theft risks.
  8. Audit Container Activity: Regularly audit container activity logs for unusual behavior that might indicate an attempted breach.
  9. Isolate Critical Data: Use strong encryption and isolate critical data to ensure it remains secure, even if an attacker gains access to the system.
  10. Educate Teams on Security Best Practices: Provide ongoing security training to development and operations teams to ensure they are aware of the latest threats and mitigations.

Conclusion:
The discovery of the NVIDIA AI vulnerability underscores the growing complexity of securing AI infrastructure and hybrid cloud environments. As containers become more integral to AI workloads, organizations must remain vigilant in securing their environments against emerging threats. The vulnerability, CVE-2024-0132, highlights how seemingly routine tools can become attack vectors when security is overlooked.

Organizations using the NVIDIA Container Toolkit should prioritize patching their systems immediately to mitigate the risks. As AI and container technologies evolve, collaboration between developers and security teams is critical to ensuring a secure, resilient infrastructure.


Ouaissou DEMBELE