Incomplete NVIDIA patch could leave AI infrastructure and data at risk

Trend Micro Research has found that an NVIDIA security update from September 2024 for a critical vulnerability in the NVIDIA Container Toolkit (CVE-2024-0132) was incomplete, leaving patched systems potentially still open to container escape attacks. The researchers also identified a denial-of-service (DoS) vulnerability affecting Docker on Linux.
When exploited, these vulnerabilities could allow malicious actors to access sensitive data or disrupt operations, possibly leading to the loss of intellectual property or proprietary AI models as well as downtime caused by system inaccessibility or resource exhaustion.
Thomas Richards, Infrastructure Security Practice Director at Black Duck, comments, “The severity of these vulnerabilities should prompt organizations to take immediate action to patch their systems and better manage software risk. Given how NVIDIA has become the de facto standard for AI processing, this potentially affects every organization involved in the AI space. With working proof of concept code for some of the issues, organizations are already at risk. Data corruption or system downtime can negatively impact the LLM models and create supply chain concerns if the models are corrupted for downstream applications.”
The organizations directly affected are those deploying the NVIDIA Container Toolkit or Docker in cloud, AI or containerized environments, especially where specific toolkit features or the default configurations of recent versions are in use. Any organization running AI workloads or Docker-based container infrastructure should therefore verify which toolkit version each host actually has installed rather than assume the September 2024 update closed the issue.
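One practical check is to audit every GPU host's installed NVIDIA Container Toolkit version against the release the vendor's current advisory names as fixed. The script below is an added example written for this article, not code from NVIDIA or Trend Micro. It assumes the first line of `nvidia-ctk --version` output reads "NVIDIA Container Toolkit CLI version X.Y.Z" (that is the CLI's usual format; confirm on your own hosts), and the inventory it parses is constructed sample data, not real hosts. The minimum version is a parameter: "1.16.2" is the release NVIDIA's September 2024 advisory named, used here as an assumption, and because this article reports that fix was incomplete, the threshold must be taken from NVIDIA's latest advisory, not from this page.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample inventory: host name -> captured output of `nvidia-ctk --version`.
# These are illustrative strings, not output from real machines.
SAMPLE_INVENTORY: Dict[str, str] = {
    "gpu-node-01": "NVIDIA Container Toolkit CLI version 1.16.1\ncommit: abcdef0",
    "gpu-node-02": "NVIDIA Container Toolkit CLI version 1.17.4\ncommit: 1234567",
    "gpu-node-03": "NVIDIA Container Toolkit CLI version 1.16.2-rc.1\ncommit: 89abcde",
    "cpu-node-01": "bash: nvidia-ctk: command not found",
}

# Matches "version 1.16.2", "version v1.16.2", and pre-release/package suffixes
# such as "1.16.2-rc.1" or "1.16.2~rc1" (Debian-style).
VERSION_RE = re.compile(r"version\s+v?(\d+)\.(\d+)\.(\d+)(?:[-~]([0-9A-Za-z.]+))?")

Version = Tuple[int, int, int, str]  # (major, minor, patch, pre-release suffix or "")


def parse_version(output: str) -> Optional[Version]:
    """Extract the toolkit version from CLI output; None if no version line is present."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), pre or "")


def is_at_least(installed: Version, required: Version) -> bool:
    """True if installed >= required.

    A pre-release build of the required number (e.g. 1.16.2-rc.1) is NOT treated as
    patched, because the fix may have landed after that snapshot was cut.
    """
    if installed[:3] != required[:3]:
        return installed[:3] > required[:3]
    return installed[3] == "" or installed[3] == required[3]


def audit(inventory: Dict[str, str], minimum: str) -> Dict[str, str]:
    """Classify each host as 'ok', 'vulnerable' (below minimum) or 'unknown' (no toolkit found).

    `minimum` is the fixed release from the vendor advisory; it is supplied by the caller
    and is an assumption of this example, not a value the article states.
    """
    required = parse_version(f"version {minimum}")
    if required is None:
        raise ValueError(f"minimum version {minimum!r} is not X.Y.Z")
    report: Dict[str, str] = {}
    for host, output in inventory.items():
        installed = parse_version(output)
        if installed is None:
            report[host] = "unknown"  # no toolkit on this host, or the command failed
        elif is_at_least(installed, required):
            report[host] = "ok"
        else:
            report[host] = "vulnerable"
    return report


if __name__ == "__main__":
    # Assumed threshold; replace with the release named in NVIDIA's current advisory.
    for host, status in sorted(audit(SAMPLE_INVENTORY, "1.16.2").items()):
        print(f"{host:12s} {status}")
```

In practice the inventory would be collected by running `nvidia-ctk --version` over SSH or through your configuration-management tool and feeding the captured output to `audit`. Hosts reported as "unknown" still deserve a second look: the toolkit may be installed under a different path, or the host may be one you did not expect to carry GPU tooling at all.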
Jason Soroko, Senior Fellow at Sectigo, states, “The Trend Micro research report shows that the mitigation does not comprehensively address all exploit vectors, creating a false sense of security. This research challenges defenders to question patch completeness and adopt a proactive stance toward driver integrity verification. It puts extra weight on cyber defense staff that are already busy. They need to monitor their networks for exploitation attempts while deploying additional defenses such as strict system segmentation and enhanced intrusion detection. Maintaining updated intelligence on emerging threats, and having close communication with vendors, is essential to adapt mitigation strategies and compensate for gaps left by incomplete fixes.”