NVIDIA Container Toolkit Improper Isolation Vulnerability Allowing Host Device Access
Vulnerability
An improper isolation vulnerability has been identified in the NVIDIA Container Toolkit, where a specially crafted container image could enable untrusted code to gain read and write access to host devices. This issue arises only when the toolkit is used in a non-default configuration. Exploitation of this vulnerability could result in code execution, denial of service, privilege escalation, information disclosure, and data tampering.
Impact
Successful exploitation allows untrusted code to access host devices, potentially leading to unauthorized data modification, execution of malicious code, disruption of services, or unauthorized access to elevated privileges.
Remediation
To address this vulnerability, users should update to NVIDIA Container Toolkit version 1.17.3 or later. Instructions for updating can be found in the NVIDIA Container Toolkit documentation. Additionally, ensure that the toolkit is configured in the default way to prevent untrusted code execution from containers.
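The following check is an added example, not code from NVIDIA or from this advisory: it compares an installed toolkit version against the fixed release 1.17.3 named above. It assumes `nvidia-ctk --version` prints the toolkit version; the function names are hypothetical, and treating a release candidate of 1.17.3 as unpatched is a conservative assumption.

```shell
#!/bin/sh
# Added example: flag NVIDIA Container Toolkit versions older than the fixed
# release named in the advisory.
FIXED_VERSION="1.17.3"

# Print the first x.y.z[-suffix] token found in the given text, e.g. in the
# output of `nvidia-ctk --version` or in a package version string.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+([-~][0-9A-Za-z.~-]+)?' | head -n 1
}

# Return 0 if the version in $1 is >= FIXED_VERSION, 1 if it is older,
# 2 if no version could be parsed (treat that as "unknown", not "safe").
is_patched() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || return 2
    core=${ver%%[-~]*}        # numeric x.y.z part
    suffix=${ver#"$core"}     # "", "-1", "-rc.1", "~rc.1-1", ...
    old_ifs=$IFS; IFS=.
    set -- $core $FIXED_VERSION   # $1 $2 $3 = installed, $4 $5 $6 = fixed
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    if [ "$3" -ne "$6" ]; then [ "$3" -gt "$6" ]; return; fi
    # Same x.y.z as the fix: assume a release candidate predates the fix.
    case $suffix in *rc*) return 1 ;; esac
    return 0
}

# Check the toolkit installed on this host (assumes nvidia-ctk is on PATH).
check_installed_toolkit() {
    command -v nvidia-ctk >/dev/null 2>&1 || { echo "nvidia-ctk not found"; return 2; }
    out=$(nvidia-ctk --version 2>/dev/null)
    if is_patched "$out"; then
        echo "OK: $(extract_version "$out") is at or above $FIXED_VERSION"
    else
        echo "UPDATE NEEDED: '$(extract_version "$out")' is older than $FIXED_VERSION or unparseable"
        return 1
    fi
}
```

Source the file and run `check_installed_toolkit` on each GPU host, or feed package-inventory version strings to `is_patched` to audit a fleet.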
