Skip to main content
CVE Vulnerability Database

CVE-2024-0135: NVIDIA Container Toolkit RCE Vulnerability

CVE-2024-0135 is a remote code execution flaw in NVIDIA Container Toolkit that allows attackers to modify host binaries through crafted container images. This article covers technical details, affected versions, and mitigations.

Updated:

CVE-2024-0135 Overview

CVE-2024-0135 is a high-severity improper isolation vulnerability in NVIDIA Container Toolkit that allows a specially crafted container image to modify host binaries. This container escape vulnerability can enable attackers who control a malicious container image to break out of container isolation and tamper with the underlying host system's executable files.

A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering on the host system running vulnerable versions of the NVIDIA Container Toolkit or GPU Operator.

Critical Impact

Container escape vulnerability enabling host binary modification with potential for code execution, privilege escalation, and complete system compromise.

Affected Products

  • NVIDIA Container Toolkit
  • NVIDIA GPU Operator
  • Linux Kernel (as underlying platform)

Discovery Timeline

  • 2025-01-28 - CVE-2024-0135 published to NVD
  • 2025-10-06 - Last updated in NVD database

Technical Details for CVE-2024-0135

Vulnerability Analysis

This vulnerability is classified under CWE-653 (Improper Isolation or Compartmentalization). The NVIDIA Container Toolkit is designed to allow containerized applications to access NVIDIA GPUs on the host system. To accomplish this, the toolkit creates bridges between containers and host resources. However, a flaw in the isolation mechanisms allows a specially crafted container image to escape its intended boundaries and modify binaries on the host filesystem.

The attack requires network access but involves high complexity, privileged access on the attacking container, and requires user interaction. Despite these barriers, successful exploitation results in cross-scope impact affecting confidentiality, integrity, and availability of the host system.

Root Cause

The root cause is improper isolation between the containerized environment and the host system. The NVIDIA Container Toolkit fails to adequately restrict container access to host resources, allowing a malicious container to interact with and modify host binaries that should be protected from container-level access. This represents a fundamental breakdown in the security boundaries that containers are expected to maintain.

Attack Vector

The attack requires an attacker to craft a malicious container image that exploits the isolation weakness when executed on a system running the vulnerable NVIDIA Container Toolkit. The exploitation chain involves:

  1. Creating a specially crafted container image designed to exploit the isolation flaw
  2. Having the malicious container executed on a target system with vulnerable NVIDIA Container Toolkit
  3. Leveraging the improper isolation to access and modify host system binaries
  4. Achieving code execution, privilege escalation, or other malicious objectives on the host

The attack vector is network-based with high attack complexity, requiring high privileges within the container and some user interaction. However, the scope change indicator means that a successful exploit impacts resources beyond the vulnerable component's security scope.

Detection Methods for CVE-2024-0135

Indicators of Compromise

  • Unexpected modifications to host system binaries, particularly those related to NVIDIA drivers or container runtime components
  • Anomalous container behavior attempting to access host filesystem paths outside normal container mount points
  • Suspicious container images with unusual entry points or startup scripts targeting host resources
  • File integrity monitoring alerts on critical host binaries

Detection Strategies

  • Implement file integrity monitoring (FIM) on host system binaries to detect unauthorized modifications
  • Monitor container runtime logs for suspicious mount operations or filesystem access patterns
  • Deploy runtime security solutions that detect container escape attempts and anomalous behavior
  • Review container images for suspicious configurations before deployment using image scanning tools

Monitoring Recommendations

  • Enable audit logging for all container operations, particularly those involving GPU access through NVIDIA Container Toolkit
  • Monitor for containers attempting to access sensitive host paths such as /usr/bin, /usr/lib, or NVIDIA driver directories
  • Implement behavioral analysis to detect containers exhibiting escape-like behavior patterns
  • Set up alerts for any modifications to NVIDIA Container Toolkit configuration files

How to Mitigate CVE-2024-0135

Immediate Actions Required

  • Review and update NVIDIA Container Toolkit to the latest patched version as specified in the NVIDIA security advisory
  • Audit all container images in your environment for potential malicious modifications
  • Restrict container image sources to trusted registries only
  • Implement runtime security controls to detect and prevent container escape attempts

Patch Information

NVIDIA has released security updates to address this vulnerability. Organizations should consult the NVIDIA Security Advisory for specific patch information and updated versions of the NVIDIA Container Toolkit and GPU Operator. Apply the appropriate patches according to your deployment configuration.

Workarounds

  • Restrict the use of untrusted container images until patches can be applied
  • Implement strict container security policies using tools like OPA Gatekeeper or Kyverno to validate container configurations
  • Enable read-only root filesystems for containers where possible to limit potential attack surface
  • Consider network segmentation to limit the exposure of systems running vulnerable NVIDIA Container Toolkit versions

Organizations should prioritize patching as the primary remediation strategy, as workarounds may not fully address all exploitation scenarios.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.