Wiz: How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)
This is an update to a previous blog post from 26 September 2024. Wiz provides vulnerability details for CVE-2024-0132 (9.0 critical), a TOCTOU (hehe funny acronym @cR0w) vulnerability in NVIDIA Container Toolkit 1.16.1 or earlier, which can lead to "code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
We withheld specific technical details of the vulnerability because the NVIDIA PSIRT team identified that the original patch did not fully resolve the issue. We worked closely with the NVIDIA team to ensure proper mitigation of both the original vulnerability and the bypass. The bypass is tracked under a separate CVE, CVE-2025-23359.
#nvidia #cve #vulnerability #CVE_2024_0132 #CVE_2025_23359 #infosec #cybersecurity