Patch now: Critical Nvidia bug allows container escape, complete host takeover

A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host. The flaw, tracked as CVE-2024-0132, earned a 9.0 out of 10 CVSS severity rating, and affects all versions of Container Toolkit up to and including …

  1. Phil O'Sophical Silver badge

    Ah, the joys of running your critical infrastructure on Somebody Else's Computer.

    1. CowHorseFrog Silver badge

      Who would have guessed that being a brainless copy-cat who only knows how to copy without thinking for oneself could be problematic?

    2. streaky
      Childcatcher

      Somebody Else's Computer..

      As opposed to rolling your own distributed global datacentre infrastructure?

  2. Sandtitz Silver badge
    Boffin

    Uh, this can be exploited in in-house servers as well.

    1. Ken Hagan Gold badge

      But unless you are in the habit of attacking yourself, or of inviting strangers to run their software on your in-house servers, it's unlikely to matter.

      Cloud providers' whole business model is the latter and attacks like this put all of those customers at risk from each other.

      1. Sandtitz Silver badge

        Obviously, it's not about self-inflicted harm.

        My %workplace% runs all VMs and containers on-prem, most of which are handled by the system caretakers. They don't have access to the virtualization admin layer, but they do have admin/root access inside their VM servers to do whatever their systems require for administration. The developers have been granted minimum access required to automate creation/manipulation/deletion of their own VMs and containers, but they don't have admin access beyond whatever resources they have been allocated.

        I have reasonable trust in our guys not to even think about escaping their VMs or containers to attack my org. (And they know we have the SIEM systems and extensive logging.)

        Sometimes this trust needs to be placed in outsourced folks from other organizations... and sometimes I question their integrity.

        1. W.S.Gosset Silver badge

          You're both right.

          A feature of the West historically has been a High-Trust Environment, socioculturally-speaking. (Exceptions were so rare they were flagged up as outrageous/criminal.)

          This is no longer a safe basis.

      2. Anonymous Coward

        Assume nothing grasshopper

        Social engineering attacks that may trick people into downloading malicious images are a very real risk.

        Don't assume you are golden because you own your own tin.

    2. CowHorseFrog Silver badge

      Ask yourself which of the two, cloud or in-house, is more likely to have random bad guys installing exploits on a machine you share with them?

      1. Sandtitz Silver badge

        It does not matter which one is more likely to succumb. The chance in both is non-zero, so don't be lulled into a false sense of security.

        1. CowHorseFrog Silver badge

          We are not monkeys that can only count to 4... there's a big difference between 1 and 100.

          Why pick the more dangerous option when you can pick the safer?

  3. IGotOut Silver badge
    Facepalm

    Wahoo ..

    .jpg malware now with extra AI.

  4. O'Reg Inalsin

    AI Breaking Out of the GPU?

    This is just the beginning.

    1. W.S.Gosset Silver badge

      Re: AI Breaking Out of the GPU?

      Yes.

      If you spend some time in the "HaXoRs!"/crackers communities, you'll discover almost immediately that 99.9% of them are idiots parroting now-routine off-the-shelf techniques created by a tiny subset of dissociated puzzle-solvers. "Script Kiddies", as they used to be called.

      But watch a few guys in front of you mechanistically crack a tiny gap in a CTF challenge, that 99.99% of admins would think "Meh. Safe enough. In the real world." and you'll realise just how powerful blind, stupid, parrot repetition is.

      LLM AIs do precisely that.

      Fast.

      1. W.S.Gosset Silver badge

        Re: AI Breaking Out of the GPU?

        >a few guys

        To be clear: competing with each other, not a team. Time-trial thing.

        You'll also be startled at the sheer level of "public" LUP pre-prepped cracks for simple check&use. Think databases of rainbow tables, on steroids. Open access.

        Then automate that with AI.

  5. M.V. Lipvig Silver badge

    How in the hell

    do people come up with this convoluted shit to find a way into this stuff? If I hop sideways 3 times, spin counterclockwise, stick my left index finger into my right nostril and belch, the bank vault opens? Admittedly I'm more on the nuts and bolts side of computer networking, i.e. the really long wire between boxes that is the telecom network, but some of this stuff sounds no different than voodoo.

  6. Phil Koenig Bronze badge

    AI GO BOOM

    There's a part of me that kinda wishes I'd been the one to develop something to take down all the so-called "AI" hosts...

    1. CowHorseFrog Silver badge

      Re: AI GO BOOM

      But the world wouldn't notice, given AI is most likely hype and hardly delivers actual quality or value.
