Cybersecurity researchers uncovered an incomplete patch related to the NVIDIA Container Toolkit vulnerability (CVE-2024-0132) that could be exploited for unauthorized access and denial-of-service attacks. The vulnerability, rated with a CVSS score of 9.0, allows potential container escape, impacting sensitive host data. Trend Micro's analysis highlights a related performance flaw in Docker on Linux that could cause operational disruptions. Despite NVIDIA addressing the issue, the flaws continue to pose a significant risk, particularly affecting version 1.17.4 if specific features are enabled.
These issues could enable attackers to escape container isolation, access sensitive host resources, and cause severe operational disruptions, Trend Micro researcher Abdelrahman Esmail said in a new report.
The specific flaw exists within the mount_files function. The issue results from the lack of proper locking when performing operations on an object.
Collection
[
|
...
]