Tag Archives: Container

About Remote Code Execution – NVIDIA Container Toolkit (CVE-2024-0132) vulnerability

Leave a reply

About Remote Code Execution - NVIDIA Container Toolkit (CVE-2024-0132) vulnerability

About Remote Code Execution – NVIDIA Container Toolkit (CVE-2024-0132) vulnerability. NVIDIA’s bulletin was released on September 25. The vulnerability was found by researchers from Wiz.

Container Toolkit provides containerized AI applications with access to GPU resources. AI is now almost impossible without the use of video cards. 😏 Therefore, this component is very common.

The essence of the vulnerability is that a launched malicious container image can gain access to the host file system, which, in turn, can lead to the attacker’s code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

If an attacker gains access to a desktop in this way, it’s not so bad, but what if he gains access to Kubernetes nodes or a cluster? 🫣 AI service providers (a la Hugging Face) that launch untrusted images are at risk.

На русском

Vulristics: Microsoft Patch Tuesdays Q1 2021

Leave a reply

Vulristics: Microsoft Patch Tuesdays Q1 2021. Hello everyone! It has been 3 months since my last review of Microsoft vulnerabilities for Q4 2020. In this episode I want to review the Microsoft vulnerabilities for the first quarter of 2021. There will be 4 parts: January, February, March and the vulnerabilities that were released between the Patch Tuesdays.

I will be using the reports that I created with my Vulristics tool. This time I’ll try to make the episodes shorter. I will describe only the most critical vulnerabilities. Links to the full reports are at the bottom of the blog post.

Continue reading