CVE-2024-0132

Published Sep 26, 2024

Last updated 6 months ago

CVSS high 8.3
NVIDIA Container Toolkit

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-0132 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability found in NVIDIA Container Toolkit versions 1.16.1 and earlier. It exists when the toolkit is used with its default configuration. The vulnerability allows a specially crafted container image to gain unauthorized access to the host file system. This vulnerability does not impact use cases where the Container Device Interface (CDI) is used. Successful exploitation of CVE-2024-0132 can lead to several consequences, including code execution, denial of service, privilege escalation, information disclosure, and data tampering. While NVIDIA released a patch in September 2024, it was later found to be incomplete, leaving systems potentially vulnerable to container escape attacks and a related performance flaw affecting Docker on Linux.

Description
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Source: psirt@nvidia.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.3
Impact score: 6
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-367
psirt@nvidia.com: CWE-367

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 3

  1. Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes https://t.co/7AaYQBTfOb

    @PVynckier

    13 Apr 2025

    70 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-0132, a critical vulnerability in NVIDIA's Container Toolkit, remains exploitable because the September patch was incomplete, posing a serious risk to AI infrastructure and sensitive data. Trend

    @yousukezan

    12 Apr 2025

    626 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2024-0132

    @transilienceai

    12 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. An incomplete patch in NVIDIA's toolkit leaves the CVE-2024-0132 vulnerability open to container escapes https://t.co/g2riwkoiln https://t.co/fb63pr8S3n

    @elhackernet

    11 Apr 2025

    1587 Impressions

    3 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. From WordPress to Microsoft Office, by way of NVIDIA: vulnerabilities and urgent updates Cybersecurity, licensing bug, crash, CVE-2024-0132, CVE-2025-3102, exploit, Microsoft 365 Family, NVIDIA container, Office 2016, emergency patch, Wordpress https://t.co/xZ1ZKSOEAl

    @matricedigitale

    11 Apr 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Incomplete patch for CVE-2024-0132 in NVIDIA Container Toolkit leaves systems vulnerable to container escapes (CVSS 9.0). Sensitive data at risk. Details👇 🔗 https://t.co/zCA8jvue1H #CyberSecurity #NVIDIA https://t.co/zCA8jvue1H

    @SalvadorCloud

    11 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. An incomplete patch in the NVIDIA toolkit leaves CVE-2024-0132 still vulnerable to container escapes https://t.co/JnN9RUoVdh #Security #セキュリティ #ニュース

    @SecureShield_

    11 Apr 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. #cyberNEWS Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes. Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit. https://t.co/ULrA2QhwVq

    @CyberSysblue

    10 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. A critical flaw in the NVIDIA Container Toolkit (CVE-2024-0132) remains unpatched, risking container escapes & service disruptions for Docker on Linux. Beware of TOCTOU vulnerabilities! 🛡️ #NVIDIA #Docker #Linux link: https://t.co/AqOUB1e12T https://t.co/BiCtCIx1AL

    @TweetThreatNews

    10 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. NVIDIA has fully patched CVE-2024-0132 in the Container Toolkit with version 1.17.5 (released Mar 11, 2025). If you're running GPU-accelerated containers, update now to prevent container escape attacks. #CyberSecurity #NVIDIA #CVE20240132 #DevSecOps #ContainerSecurity https://t

    @CloneSystemsInc

    10 Apr 2025

    31 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. New Post: A partial patch in NVIDIA's toolkit leaves the CVE-2024-0132 vulnerability exposed, allowing possible escapes from containers. https://t.co/W43byUwj2A

    @hualkana

    10 Apr 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete. Attackers can still escape containers and gain root access (CVE-2025-23359).

    @byt3n33dl3

    10 Apr 2025

    50 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    1 Quote

  13. The Hacker News - Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes https://t.co/P2Pgw3b4uJ

    @buzz_sec

    10 Apr 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 NVIDIA’s critical security fix failed! NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359). 👀 Admins: Threat actors are watching... ✅ Patch now ✅ Audit your containers ✅ Lock down Docker ht

    @TheHackersNews

    10 Apr 2025

    9844 Impressions

    57 Retweets

    103 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2024-0132

    @transilienceai

    17 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. SCMagazine: A vulnerability in @nvidia’s container toolkit, tracked as CVE-2024-0132, handles runtime commands and would leave the attacker with root privileges on the host server, if exploited. #cybersecurity #infosec #ITsecurity https://t.co/dBkYhqpjdY

    @MrsYisWhy

    15 Feb 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. A vulnerability in @nvidia’s container toolkit, tracked as CVE-2024-0132, handles runtime commands and would leave the attacker with root privileges on the host server, if exploited. #cybersecurity #infosec #ITsecurity https://t.co/D4rlIpLevY

    @SCMagazine

    15 Feb 2025

    526 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) https://t.co/nZmShQehjW libnvidia-container mount is susceptible to symlink attacks, which can lead to arbitrary host directories being mounted

    @oss_security

    15 Feb 2025

    454 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  19. A flaw rated "critical" in Nvidia server tools could potentially allow attackers to compromise AI servers. Tracked as CVE-2024-0132, the vulnerability concerns the way Nvidia’s container toolkit handles runtime commands with root privileges. https://t.co/wCX0kXEfKj https://t.co/

    @riskigy

    14 Feb 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) https://t.co/QBTOa3nWto

    @andersonc0d3

    14 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. A vulnerability in @nvidia’s container toolkit, tracked as CVE-2024-0132, handles runtime commands and would leave the attacker with root privileges on the host server, if exploited. #cybersecurity #infosec #ITsecurity https://t.co/D4rlIpLevY

    @SCMagazine

    14 Feb 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. It's time to reveal the technical details: Breaking out of @nvidia containers 🚨 🧵Wiz Research has uncovered a critical security vulnerability (CVE-2024-0132) in the #NVIDIA Container Toolkit, enabling container escape and full host compromise. https://t.co/rBdOvshs47

    @wiz_io

    11 Feb 2025

    1292 Impressions

    8 Retweets

    23 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  23. $NVDIA CVE-2024-0132 fix timeline is impressive compared to other companies in the industry. Source: Wiz https://t.co/ek7Rz7kuhU

    @ChimeraX007

    24 Jan 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 AI Vulnerability Alert 🚨 Critical security flaws in popular AI tools 1️⃣ Nvidia Container Toolkit Vulnerability (CVE-2024-0132): 2️⃣ Llama Drama Exploit (CVE-2024-34359) 💡 Takeaway: AI is revolutionizing industries but also increasing the attack surface. Regular updates,

    @hkgsatish

    13 Dec 2024

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Actively exploited CVE : CVE-2024-0132

    @transilienceai

    30 Oct 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Actively exploited CVE : CVE-2024-0132

    @transilienceai

    29 Oct 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Actively exploited CVE : CVE-2024-0132

    @transilienceai

    25 Oct 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. #CVE CVE-2024-0132 NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use Vulnerability https://t.co/iD780IcdmG

    @ComputerPunks

    23 Oct 2024

    37 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Actively exploited CVE : CVE-2024-0132

    @transilienceai

    23 Oct 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. CVE-2024-0132 is a critical vulnerability in Nvidia Container Toolkit that already impacted 100k+ cloud infrastructures. Is this a wake-up call for cloud security? What's your thought? https://t.co/0ZLXi6fz4y #BYCS #CloudSecurity #CVE20240132 #AI #Kubernetes #Vulnerability

    @BYCSHK

    22 Oct 2024

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Actively exploited CVE : CVE-2024-0132

    @transilienceai

    20 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. Actively exploited CVE : CVE-2024-0132

    @transilienceai

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations