A critical-severity flaw in Nvidia Container Toolkit and GPU Operator impacts AI applications and more than a third of cloud environments, according to Wiz researchers.

A recently discovered critical-severity Nvidia vulnerability poses a “serious risk” for the security of data, according to researchers that uncovered the issue.

The flaw (tracked at CVE-2024-0132) impacts Nvidia Container Toolkit and GPU Operator, and was discovered by researchers at cloud and AI security vendor Wiz.

[Related: The 10 Biggest Nvidia News Stories Of 2024 (So Far)]

Nvidia has also disclosed a second, medium-severity vulnerability affecting Container Toolkit (and tracked at CVE-2024-0133).

What follows are five things to know on the “critical” Nvidia AI vulnerability.

AI Apps, Cloud Environments Affected

The critical-severity flaw “impacts any AI application – in the cloud or on-premise – that is running the vulnerable container toolkit to enable GPU support,” Wiz researchers wrote in a blog post.

This is because Nvidia Container Toolkit provides access to GPU resources to containerized AI apps, according to the researchers.

In all, more than 35 percent of cloud environments are believed to be vulnerable to the vulnerability, given that Container Toolkit is widely used, the Wiz researchers said.

Data, Infrastructure At Risk

The critical vulnerability can allow a threat actor that controls an affected container image to “escape from that container and gain full access to the underlying host system,” the researchers wrote.

This poses “a serious risk to sensitive data and infrastructure,” according to the post.

The vulnerability has a severity rating of 9.0 out of 10.0, according to Nvidia.

Exploitation Not Mentioned So Far

Nvidia’s security bulletin about the issue on Sept. 25, and Wiz’s post the following day, did not mention whether any exploitation of the critical vulnerability has been observed.

CRN has reached out to Nvidia for comment.

Wiz researchers said in their post that they were “omitting exploit information for now so that impacted organizations have time to address the vulnerability.”

Patch Available

Nvidia has released a fix for both vulnerabilities in Container Toolkit v1.16.2 and GPU Operator 24.6.2.

“Patching is highly recommended for container hosts running Container Toolkit in vulnerable versions, while prioritizing hosts that are likely to run containers, especially those built from images originating in untrusted sources,” Wiz researchers said in their post.

Prioritization

Runtime validation can help with patching prioritization, “so as to focus patching efforts on instances where the toolkit is definitely in use,” the researchers said.

Ultimately, “the urgency with which you should fix the vulnerability depends on the architecture of your environment and the level of trust you place in running images,” Wiz researchers wrote. “Any environment that allows the use of third party container images or AI models – either internally or as-a-service – is at higher risk given that this vulnerability can be exploited via a malicious image.”