Organizations using the NVIDIA Container Toolkit or Docker in AI and cloud environments, particularly with default configurations, are at heightened risk.

The flaw can be exploited through a timing window that allows a crafted container to bypass isolation and access host resources, as detailed in Trend Micro's analysis.

These vulnerabilities originate from an incomplete security patch issued by NVIDIA in September 2024 for CVE-2024-0132, leaving systems exposed to various attacks.

Trend Micro warns that the incomplete patch enables attackers to execute arbitrary commands, compromise sensitive data, and escalate privileges on affected systems.

Trend Micro has uncovered critical security vulnerabilities in the NVIDIA Container Toolkit and Docker, which could potentially lead to container escapes and denial-of-service (DoS) attacks.

This flaw poses a significant threat to over 35% of cloud environments using Nvidia GPUs, underscoring the potential for serious security breaches in AI operations.

Versions of the NVIDIA Container Toolkit up to 1.17.3 are vulnerable, while version 1.17.4 requires specific features to be enabled for exploitation.

Successful exploitation could lead to unauthorized access to sensitive information, theft of proprietary AI models, and significant operational disruptions for companies reliant on NVIDIA and Docker.

Attackers could exploit these vulnerabilities by creating malicious container images that gain access to sensitive host data and execute commands with root privileges.

The vulnerability, designated CVE-2024-0132, has a high CVSS score of 9/10, highlighting its severity and the importance of addressing it promptly.

Thomas Richards, Infrastructure Security Practice Director at Black Duck, stresses the urgent need for organizations to apply patches and manage software risks due to the potential impact on AI processing and operational integrity.

Trend Micro recommends several protective measures, including limiting Docker API access, disabling unnecessary features in the NVIDIA Container Toolkit, and regularly auditing software images.