CyberSecurity news
info@thehackernews.com (The Hacker News)@The Hacker News - 17d
A critical security vulnerability, CVE-2024-0132 (CVSS score: 9.0), has been identified in the NVIDIA Container Toolkit, potentially allowing attackers to completely compromise the host system. Researchers at Wiz have uncovered a new vulnerability, CVE-2025-23359 (CVSS score: 8.3), that bypasses the original patch for CVE-2024-0132. It allows malicious actors to escape the container's isolation and gain full access to the underlying host, posing a significant risk to sensitive data and infrastructure.
Security researchers Shir Tamari, Ronen Shustin, and Andres Riancho found that file paths used during mount operations could be manipulated using a symbolic link, making it possible to mount from outside the container into a path within "/usr/lib64." This allows an attacker to mount the host's root file system into a container, granting unrestricted access to all files, and to launch privileged containers and achieve full host compromise via the runtime Unix socket. Users are strongly advised to update immediately to NVIDIA Container Toolkit version 1.17.4 and NVIDIA GPU Operator version 24.9.2, which address both vulnerabilities, and not to disable the "--no-cntlibs" flag in production environments.
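An added example (not from the original article, Wiz, or NVIDIA's code) of the bug class described above: a string-only check accepts a path under the container root that a symbolic link actually redirects outside it, while resolving symlinks before the containment check catches it. The directory, file and function names are constructed for the illustration.

```python
import os
import tempfile

def lexical_ok(rootfs, path):
    """Weak check: compares path strings only and never looks at symlinks."""
    joined = os.path.normpath(os.path.join(rootfs, path.lstrip("/")))
    return joined.startswith(rootfs + os.sep)

def resolved_ok(rootfs, path):
    """Stronger check: resolve symlinks first, then require containment."""
    root = os.path.realpath(rootfs)
    real = os.path.realpath(os.path.join(root, path.lstrip("/")))
    return os.path.commonpath([root, real]) == root

def demo():
    """Build a constructed rootfs whose usr/lib64 is a symlink leaving it."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "host-data")  # stands in for a host directory
        rootfs = os.path.join(tmp, "rootfs")      # stands in for the container root
        os.makedirs(outside)
        os.makedirs(os.path.join(rootfs, "usr"))
        # Image-controlled symlink: looks like it is inside the rootfs, is not.
        os.symlink(outside, os.path.join(rootfs, "usr", "lib64"))

        via_link = "/usr/lib64/libexample.so"     # constructed file name
        plain = "/usr/bin/tool"                   # no symlink on this path
        return (
            lexical_ok(rootfs, via_link),   # True: the string check is fooled
            resolved_ok(rootfs, via_link),  # False: resolution exposes the escape
            resolved_ok(rootfs, plain),     # True: benign path still accepted
        )

# Note: check-then-use is still racy if the path can change between the
# check and the mount. On Linux, openat2() with RESOLVE_IN_ROOT performs the
# resolution and the open in a single step, scoped to a directory fd.

if __name__ == "__main__":
    print(demo())
```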
References :
- The Hacker News: Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability
- Wiz Blog | RSS feed: Critical NVIDIA container vulnerability (CVE-2024-0132) allows full host compromise. Update to NVIDIA Container Toolkit 1.17.4 immediately and restrict access to privileged runtime sockets.
- BleepingComputer: Information about an NVIDIA vulnerability and its bypass.
- Open Source Security: CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass)
- Security Risk Advisors: NVIDIA Container Toolkit Vulnerability Enables Full Host Compromise (CVE-2024-0132 & CVE-2025-23359)
Classification:
- HashTags: #NVIDIA #Vulnerability #ContainerSecurity
- Company: NVIDIA
- Target: Hosts
- Product: Container Toolkit
- Feature: Container Escape
- Malware: CVE-2024-0132 & CVE-2025-23359
- Type: Vulnerability
- Severity: Critical