Urgent Call to Action for Enterprises Using Nvidia GPUs for AI Workloads
Enterprises relying on Nvidia GPUs for their AI workloads are being urged to prioritize patching their systems against critical security vulnerabilities found in an NVIDIA toolkit designed for running GPU-accelerated containers. These vulnerabilities, if exploited, could potentially grant attackers unauthorized access to sensitive data,
steal proprietary AI models
, or disrupt operations.
In September of last year, NVIDIA released an update to address
CVE-2024-0132
, a significant time-of-check time-of-use (TOCTOU) vulnerability with a CVSS rating of 9 out of 10, within the NVIDIA Container Toolkit.
Despite this patch, researchers from Trend Micro and Wiz uncovered a secondary flaw that the update failed to address. As a result, even users with patched systems remain vulnerable to exploitation.
Trend Micro researchers identified this “incomplete” fix for CVE-2024-0132 in a recent publication and highlighted the potential for denial-of-service (DoS) attacks. The oversight has caused confusion among users who believed their systems were secure following the initial patch.
Continue reading this article on Dark Reading, a trusted source for data center insights
