A serious bug in the Nvidia Container Toolkit could allow complete host takeover

The company added that, under certain circumstances, successful exploitation of the vulnerability could allow code execution, denial of service, elevation of privileges, information disclosure, and data tampering.

Time to Test Time to Use Vulnerability

The Nvidia Container Toolkit allows Nvidia containers, which are specialized software packages designed to facilitate the deployment of applications involving artificial intelligence and machine learning use cases, to access the GPU hardware. It includes tools and libraries that allow applications running inside containers to use the GPU.

According to a blog post by Wiz Research, whose researchers Nvidia gave credit for the discovery of the vulnerability, the flaw allows attackers to control the container image with the toolkit, a lightweight, portable, executable package that contains everything needed to run the application, to escape that. container and get full access to the host.


Source link