Researchers are urging enterprises that rely on Nvidia GPUs for their AI workloads to ensure that systems are patched against critical security vulnerabilities in an NVIDIA toolkit for running GPU-accelerated containers. If exploited, the bugs can allow attackers to gain access to sensitive data, steal proprietary AI models, or create operational disruptions.
NVIDIA released an update last September to patch CVE-2024-0132, a time-of-check time-of-use (TOCTOU) vulnerability that earned a CVSS rating of 9 out of 10, in the NVIDIA Container Toolkit.
However, after closer inspection, researchers from Trend Micro and Wiz separately discovered a secondary flaw that the patch did not mitigate, so some users, even on patched systems, would still be at risk.
Researchers at Trend Micro flagged what they deemed this “incomplete” fix for CVE-2024-0132 in a recent blog post and wrote the related bug allows denial-of-service (DoS). This may have created confusion among those who thought their systems were protected once the initial patch was applied, security experts say.
Keep reading his article in Dark Reading, a Data Center Knowledge partner site
