On-premises and cloud artificial intelligence (AI) servers could be breached by attackers exploiting a critical NVIDIA Container software vulnerability, tracked as CVE-2024-0132, SC Media reports.
Exploitation of the flaw — initially disclosed in September and stemming from the improper runtime command management of NVIDIA's container toolkit — could facilitate escalated privileges as well as total host file and container runtime Unix socket access. That could enable deployment of privileged containers and complete compromise of the targeted host, according to an analysis from Wiz researchers.
"Significant and risky operations occur on the container’s filesystem, where a potential attacker could manipulate files and settings. Furthermore, these operations are executed from the host," said Wiz researchers.
The issue is prevalent in AI systems and threats could escalate, causing researchers to urge immediate remediation.
