NVIDIA

A critical flaw, CVE-2024-0132, in NVIDIA’s Container Toolkit has remained exploitable due to an incomplete patch, leaving AI infrastructure and sensitive data at risk. This vulnerability, coupled with a newly found Docker DoS flaw on Linux, endangers systems by potentially letting attackers steal AI models, disrupt operations, or execute DoS attacks. The initial patch provided by NVIDIA was later found to be inadequate for versions 1.17.3 and below, and conditionally for 1.17.4, making them susceptible to breaches and command execution with root privileges. The Docker issue can result in CPU usage spikes and SSH access loss, disrupting services and rendering systems unresponsive. The exposure primarily affects organizations using these tools for AI or cloud workloads, including industries like healthcare, finance, and autonomous systems.

Source: https://cybersecuritynews.com/nvidias-incomplete-patch-for-critical-flaw-lets-attackers-steal-ai-model-data/

TPRM report: https://scoringcyber.rankiteo.com/company/nvidia

"id": "nvi108041225",
"linkid": "nvidia",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': ['Healthcare',
                                     'Finance',
                                     'Autonomous Systems'],
                        'type': 'Organizations'}],
 'attack_vector': 'Software Vulnerability, DoS Attack',
 'data_breach': {'type_of_data_compromised': ['AI models', 'Sensitive Data']},
 'description': 'A critical flaw, CVE-2024-0132, in NVIDIA’s Container Toolkit '
                'has remained exploitable due to an incomplete patch, leaving '
                'AI infrastructure and sensitive data at risk. This '
                'vulnerability, coupled with a newly found Docker DoS flaw on '
                'Linux, endangers systems by potentially letting attackers '
                'steal AI models, disrupt operations, or execute DoS attacks. '
                'The initial patch provided by NVIDIA was later found to be '
                'inadequate for versions 1.17.3 and below, and conditionally '
                'for 1.17.4, making them susceptible to breaches and command '
                'execution with root privileges. The Docker issue can result '
                'in CPU usage spikes and SSH access loss, disrupting services '
                'and rendering systems unresponsive.',
 'impact': {'data_compromised': ['AI models', 'Sensitive Data'],
            'operational_impact': 'Disruption of operations, Service '
                                  'unresponsiveness',
            'systems_affected': ['AI infrastructure',
                                 'Linux systems using Docker']},
 'initial_access_broker': {'high_value_targets': ['AI infrastructure',
                                                  'Linux systems using '
                                                  'Docker']},
 'motivation': 'Data Theft, Disruption of Operations',
 'post_incident_analysis': {'root_causes': 'Incomplete patch for '
                                           'CVE-2024-0132, Docker DoS flaw on '
                                           'Linux'},
 'title': 'Critical Flaw in NVIDIA’s Container Toolkit and Docker DoS '
          'Vulnerability',
 'type': 'Vulnerability Exploitation, DoS Attack',
 'vulnerability_exploited': 'CVE-2024-0132, Docker DoS flaw on Linux'}