Conversation
screaminggoat@infosec.exchange

screaminggoat

Wiz: How Wiz found a Critical NVIDIA AI vulnerability:  Deep Dive into a container escape (CVE-2024-0132)
This is an update to a previous blog post from 26 September 2024. Wiz provides vulnerability details for CVE-2024-0132 (9.0 critical) NVIDIA Container Toolkit 1.16.1 or earlier TOCTOU (hehe funny acronym @cR0w) which can lead to "code execution, denial of service, escalation of privileges, information disclosure, and data tampering."

We withheld specific technical details of the vulnerability because the NVIDIA PSIRT team identified that the original patch did not fully resolve the issue. We worked closely with the NVIDIA team to ensure proper mitigation of both the original vulnerability and the bypass. The bypass is tracked under a separate CVE, CVE-2025-23359.

0
1
0
screaminggoat@infosec.exchange

screaminggoat

Reply to

@cR0w https://en.wikipedia.org/wiki/The_Wiz_(store)

0
2
0
buherator

buherator

Reply to
@cR0w @screaminggoat I will never not like this meme!
0
0
3
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.