AI description
CVE-2024-0132 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability found in NVIDIA Container Toolkit versions 1.16.1 and earlier. It exists when the toolkit is used with its default configuration. The vulnerability allows a specially crafted container image to gain unauthorized access to the host file system. This vulnerability does not impact use cases where the Container Device Interface (CDI) is used. Successful exploitation of CVE-2024-0132 can lead to several consequences, including code execution, denial of service, privilege escalation, information disclosure, and data tampering. While NVIDIA released a patch in September 2024, it was later found to be incomplete, leaving systems potentially vulnerable to container escape attacks and a related performance flaw affecting Docker on Linux.
- Description
- NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
- Source
- psirt@nvidia.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.3
- Impact score
- 6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2024-0132
@transilienceai
1 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
30 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
29 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Incomplete NVIDIA patch for the NVIDIA Container Toolkit (CVE-2024-0132) highlights ongoing risks. Successful exploitation could allow attackers to escape container isolation, access sensitive host resources, and cause severe operational disruptions. https://t.co/eUffUXskdl
@natordas
27 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
25 Apr 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
23 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Turns out security patches aren't always a one-and-done fix! An update for a critical NVIDIA vulnerability (CVE-2024-0132) used in AI setups was incomplete, potentially leaving systems open to 'container escape' attacks. Wild stuff. #Cybersecurity #AI https://t.co/2XCu6lFVux http
@TweekFawkes
21 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
21 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
20 Apr 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
NVIDIA's latest patch for the NVIDIA Container Toolkit (CVE-2024-0132) leaves gaps in protection. Ensure you understand the risks, discover the potential impacts, and how to stay safe. Read our full report: ⬇️ https://t.co/BbRkzwb5Vm
@TrendMicroRSRCH
20 Apr 2025
552 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ Critical alert: A flaw in the #NVIDIA Container Toolkit (CVE-2024-0132) leaves #AI infrastructure at risk of container escapes, data theft & DoS—even after a patch. #DevOps #CyberSecurity #Docker #Containers 🔒 Read more: https://t.co/tOWdotoVyT
@threatsbank
17 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
16 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 NVIDIA’s critical security fix failed! NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete attackers can still escape containers and gain root access (CVE-2025-23359). 👀 Admins: Threat actors are watching... ✅ Patch now ✅ Audit your containers ✅ Lock down Docker http
@achi_tech
16 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
15 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
トレンドマイクロ、AIコンテナを露出させる不完全なNvidiaパッチを指摘(CVE-2024-0132) https://t.co/LqpFDcAHqH #Security #セキュリティ #ニュース
@SecureShield_
15 Apr 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes https://t.co/7AaYQBTfOb
@PVynckier
13 Apr 2025
79 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks 📅 Timeline: Disclosure: 2024-09-26, Patch: 2024-10-02 📌 Attribution: NVIDIA 🆔 cveId: CVE-2024-0132 📊 baseScore: 9.0 📏 cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
@syedaquib77
13 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVIDIAのContainer Toolkitに存在する重大な脆弱性CVE-2024-0132は、9月の修正パッチが不完全であったことから依然として悪用可能であり、AIインフラと機密データに深刻なリスクをもたらしている。 Trend
@yousukezan
12 Apr 2025
626 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
12 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Un parche incompleto en el kit de herramientas de NVIDIA deja la vulnerabilidad CVE-2024-0132 abierta a la fuga de contenedores https://t.co/g2riwkoiln https://t.co/fb63pr8S3n
@elhackernet
11 Apr 2025
1587 Impressions
3 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Da WordPress a Microsoft Office, passando per NVIDIA: vulnerabilità e aggiornamenti urgenti Sicurezza Informatica, bug licensing, crash, CVE-2024-0132, CVE-2025-3102, exploit, Microsoft 365 Family, NVIDIA container, Office 2016, patch emergenza, Wordpress https://t.co/xZ1ZKSOEAl
@matricedigitale
11 Apr 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Incomplete patch for CVE-2024-0132 in NVIDIA Container Toolkit leaves systems vulnerable to container escapes (CVSS 9.0). Sensitive data at risk. Details👇 🔗 https://t.co/zCA8jvue1H #CyberSecurity #NVIDIA https://t.co/zCA8jvue1H
@SalvadorCloud
11 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVIDIAツールキットの不完全なパッチにより、CVE-2024-0132がコンテナエスケープに対して脆弱なまま残る https://t.co/JnN9RUoVdh #Security #セキュリティ #ニュース
@SecureShield_
11 Apr 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#cyberNEWS Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes. Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit. https://t.co/ULrA2QhwVq
@CyberSysblue
10 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw in the NVIDIA Container Toolkit (CVE-2024-0132) remains unpatched, risking container escapes & service disruptions for Docker on Linux. Beware of TOCTOU vulnerabilities! 🛡️ #NVIDIA #Docker #Linux link: https://t.co/AqOUB1e12T https://t.co/BiCtCIx1AL
@TweetThreatNews
10 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVIDIA has fully patched CVE-2024-0132 in the Container Toolkit with version 1.17.5 (released Mar 11, 2025). If you're running GPU-accelerated containers, update now to prevent container escape attacks. #CyberSecurity #NVIDIA #CVE20240132 #DevSecOps #ContainerSecurity https://t
@CloneSystemsInc
10 Apr 2025
31 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
New Post: Un parche parcial en el conjunto de herramientas de NVIDIA deja al descubierto la vulnerabilidad CVE-2024-0132, lo que permite posibles fugas desde contenedores. https://t.co/W43byUwj2A
@hualkana
10 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete. attackers can still escape containers and gain root access (CVE-2025-23359).
@byt3n33dl3
10 Apr 2025
50 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
1 Quote
The Hacker News - Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes https://t.co/P2Pgw3b4uJ
@buzz_sec
10 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 NVIDIA’s critical security fix failed! NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359). 👀 Admins: Threat actors are watching... ✅ Patch now ✅ Audit your containers ✅ Lock down Docker ht
@TheHackersNews
10 Apr 2025
9844 Impressions
57 Retweets
103 Likes
5 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
17 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SCMagazine: A vulnerability in @nvidia’s container toolkit, tracked as CVE-2024-0132, handles runtime commands and would leave the attacker with root privileges on the host server, if exploited. #cybersecurity #infosec #ITsecurity https://t.co/dBkYhqpjdY
@MrsYisWhy
15 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability in @nvidia’s container toolkit, tracked as CVE-2024-0132, handles runtime commands and would leave the attacker with root privileges on the host server, if exploited. #cybersecurity #infosec #ITsecurity https://t.co/D4rlIpLevY
@SCMagazine
15 Feb 2025
526 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) https://t.co/nZmShQehjW libnvidia-container mount is susceptible to symlink attacks, which can lead to arbitrary host directories being mounted
@oss_security
15 Feb 2025
454 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
A flaw rated "critical" in Nvidia server tools could potentially allow attackers to compromise AI servers. Tracked as CVE-2024-0132, the vulnerability concerns the way Nvidia’s container toolkit handles runtime commands with root privileges. https://t.co/wCX0kXEfKj https://t.co/
@riskigy
14 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) https://t.co/QBTOa3nWto
@andersonc0d3
14 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability in @nvidia’s container toolkit, tracked as CVE-2024-0132, handles runtime commands and would leave the attacker with root privileges on the host server, if exploited. #cybersecurity #infosec #ITsecurity https://t.co/D4rlIpLevY
@SCMagazine
14 Feb 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Its time to reveal the technical details: Breaking out of @nvidia containers 🚨 🧵Wiz Research has uncovered a critical security vulnerability (CVE-2024-0132) in the #NVIDIA Container Toolkit, enabling container escape and full host compromise. https://t.co/rBdOvshs47
@wiz_io
11 Feb 2025
1292 Impressions
8 Retweets
23 Likes
5 Bookmarks
1 Reply
0 Quotes
$NVDIA CVE-2024-0132 fix timeline is impressive compared to other companies in the industry. Source: Wiz https://t.co/ek7Rz7kuhU
@ChimeraX007
24 Jan 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 AI Vulnerability Alert 🚨 Critical security flaws in popular AI tools 1️⃣ Nvidia Container Toolkit Vulnerability (CVE-2024-0132): 2️⃣ Llama Drama Exploit (CVE-2024-34359) 💡 Takeaway: AI is revolutionizing industries but also increasing the attack surface. Regular updates,
@hkgsatish
13 Dec 2024
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
30 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
29 Oct 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
25 Oct 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#CVE CVE-2024-0132 NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use Vulnerability https://t.co/iD780IcdmG
@ComputerPunks
23 Oct 2024
37 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
23 Oct 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-0132 is a critical vulnerability in Nvidia Container Toolkit that already impacted 100k+ cloud infrastructures. Is this a wake-up call for cloud security? What's your thought? https://t.co/0ZLXi6fz4y #BYCS #CloudSecurity #CVE20240132 #AI #Kubernetes #Vulnerability
@BYCSHK
22 Oct 2024
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
20 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-0132
@transilienceai
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55455A6E-4257-4750-9A18-8D8A5EA029B7",
"versionEndExcluding": "1.16.2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28B17317-5E43-4842-BB41-6E459FAD3D40",
"versionEndExcluding": "24.6.2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]