Researchers are urging enterprises that depend on Nvidia GPUs for his or her AI workloads to make sure that techniques are patched towards vital safety vulnerabilities in an NVIDIA toolkit for working GPU-accelerated containers. If exploited, the bugs can permit attackers to achieve entry to delicate knowledge, steal proprietary AI models, or create operational disruptions.
NVIDIA launched an replace final September to patch CVE-2024-0132, a time-of-check time-of-use (TOCTOU) vulnerability that earned a CVSS score of 9 out of 10, within the NVIDIA Container Toolkit.
Nonetheless, after nearer inspection, researchers from Development Micro and Wiz individually found a secondary flaw that the patch didn’t mitigate, so some customers, even on patched techniques, would nonetheless be in danger.
Researchers at Development Micro flagged what they deemed this “incomplete” repair for CVE-2024-0132 in a recent blog post and wrote the associated bug permits denial-of-service (DoS). This may increasingly have created confusion amongst those that thought their techniques had been protected as soon as the preliminary patch was utilized, safety specialists say.
Keep reading his article in Dark Reading, a DCN partner site
