First to Detect AI Threats, Including NVIDIA-powered Systems
On Wednesday, NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and the underlying data and secrets at risk. With a CVSS rating of 9.0, the flaw should be patched immediately. For organizations unable to do so, Trend Vision One will provide proactive protection against attacks attempting to exploit it.
What is the vulnerability?
The NVIDIA Container Toolkit allows users to build and run GPU-accelerated containers, and as such plays an important role in many AI systems. CVE-2024-0132 affects all versions of the Toolkit up to and including v1.16.1. It is described as a Time-of-Check Time-of-Use (TOCTOU) vulnerability that is present when the Toolkit is used with its default configuration, and it could lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. It does not affect deployments that use the Container Device Interface (CDI).
According to the researchers who discovered it, the bug enables a threat actor with control over any container images run by the vulnerable NVIDIA Container Toolkit to perform a container escape, and hijack the underlying host system with full root privileges. In shared environments, that could allow them to access sensitive data/secrets of any applications running on the same node or cluster. Basically, any AI application running the affected Toolkit is impacted. Researchers estimate that a third (33%) of cloud environments are affected by CVE-2024-0132.
How does exploitation work?
An attack would look like this:
- An attacker creates a malicious image to exploit CVE-2024-0132.
- They run the image on the victim’s platform, either directly or indirectly (e.g., via a supply chain or social engineering attack).
- This enables them to gain access to the host file system.
- With this access, the threat actor can subsequently reach the container runtime’s Unix sockets and execute arbitrary commands with root privileges, i.e., assume full remote control of the host.
How can Trend Vision One help?
First and foremost, it is always recommended that users apply vendor-specific patches when they are available. In this case, NVIDIA has released the following fixes in response to the vulnerability, and customers are strongly encouraged to update as soon as possible:
- NVIDIA Container Toolkit 1.16.2, which resolves the issue
- NVIDIA GPU Operator 24.6.2, which also resolves the issue for deployments that use this component
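As an added example (not from the post, nor NVIDIA’s or Trend Micro’s own code), the following Python inventory check applies the version facts above: it parses `nvidia-ctk --version` output, compares it against the 1.16.2 and 24.6.2 fixed releases with proper numeric ordering, and treats a CDI-mode runtime as unaffected. The config file path, the `mode` key, and the exact output format of `nvidia-ctk --version` are assumptions; all sample strings are constructed.

```python
"""Inventory check for CVE-2024-0132: flags a Toolkit below 1.16.2 or a GPU Operator below 24.6.2."""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]
FIXED_TOOLKIT: Version = (1, 16, 2)
FIXED_GPU_OPERATOR: Version = (24, 6, 2)
# Assumed (not from the post): runtime config path and the key that selects CDI mode,
#   [nvidia-container-runtime]  /  mode = "cdi"
CONFIG_PATH = "/etc/nvidia-container-runtime/config.toml"
DOTTED = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")
MODE = re.compile(r'^\s*mode\s*=\s*"([^"]+)"', re.MULTILINE)

def parse_version(text: str) -> Optional[Version]:
    """First X.Y.Z in text as an int tuple; None if there is none."""
    m = DOTTED.search(text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None

def is_fixed(version: Version, fixed: Version) -> bool:
    """Tuple comparison, so 1.9.x sorts below 1.16.2 (a string compare would not)."""
    return version >= fixed

def cdi_mode(config_text: str) -> bool:
    """True when the runtime config selects CDI mode (unaffected per the advisory)."""
    m = MODE.search(config_text)
    return m is not None and m.group(1).lower() == "cdi"

def assess_toolkit(version_output: str, config_text: str = "") -> str:
    """Classify nvidia-ctk --version output: PATCHED, MITIGATED_CDI, VULNERABLE or UNKNOWN."""
    v = parse_version(version_output)
    if v is None:
        return "UNKNOWN"
    if is_fixed(v, FIXED_TOOLKIT):
        return "PATCHED"
    return "MITIGATED_CDI" if cdi_mode(config_text) else "VULNERABLE"

def assess_operator(version_text: str) -> str:
    """Classify a GPU Operator release string such as "v24.6.1"."""
    v = parse_version(version_text)
    return "UNKNOWN" if v is None else ("PATCHED" if is_fixed(v, FIXED_GPU_OPERATOR) else "VULNERABLE")

def assess_host() -> str:
    """Run the toolkit check on this machine; UNKNOWN if nvidia-ctk is absent."""
    try:
        out = subprocess.run(["nvidia-ctk", "--version"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        return "UNKNOWN"
    try:
        cfg = open(CONFIG_PATH, encoding="utf-8").read()
    except OSError:
        cfg = ""  # no config file: treat as the default (non-CDI) configuration
    return assess_toolkit(out, cfg)
```

Run `assess_host()` on each GPU node, or feed `assess_operator()` the chart or image tag reported by your cluster, and treat anything other than PATCHED or MITIGATED_CDI as a node still exposed to this issue.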
However, for many reasons, rapid patching isn’t always possible. Trend Vision One – Container Security customers can use this proactive technology to uncover vulnerabilities, malware, and compliance violations within container images. Scanning for CVE-2024-0132 is available and will also reflect in Trend Vision One – Attack Surface Risk Management (ASRM).
Securing your AI journey
This is just the latest example of Trend Micro’s commitment to helping customers proactively manage cyber risk across the fast-growing AI attack surface:
- In May we announced new capabilities in Trend Vision One™ – Zero Trust Secure Access (ZTSA) designed to protect users of generative AI
- In August we announced the Trend Micro Vision One™ Sovereign Private Cloud, which will help organizations maximize the potential of AI while maintaining business resilience
- Also in August we announced a partnership with GMI Cloud to further secure enterprise AI use
- Trend is also pioneering the concept of the AI Mesh for the SOC, which will help eliminate data silos, enable more accurate predictions, and provide a common framework for security AI services to communicate
This blog will continue to be updated as information develops.