CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-0132

Critical Severity
SVRS
79/100
CVSSv3
8.3/10
EPSS
0.04263/1

CVE-2024-0132 is a Time-of-check Time-of-Use (TOCTOU) vulnerability in NVIDIA Container Toolkit that could allow a malicious container image to access the host file system. This vulnerability affects versions 1.16.1 and earlier, specifically when the default configuration is used. Although the CVSS score is 8.3, with a SOCRadar Vulnerability Risk Score (SVRS) of 79, this vulnerability is nearing critical status, signaling a high-priority concern. Successful exploitation could lead to serious consequences like code execution, denial of service, privilege escalation, and data tampering. This CVE is especially concerning because exploits are actively available, increasing the likelihood of attacks. Users of NVIDIA Container Toolkit should update to a patched version immediately. This vulnerability highlights the importance of secure container configurations and timely patching to mitigate potential risks.

TAGS
In The Wild
Exploit Avaliable
Exploit Available
VECTOR STRING
CVSS:3.1
AV:N
AC:H
PR:N
UI:R
S:C
C:H
I:H
A:H
PUBLICATION DATE2024-09-26
LAST MODIFIED2024-10-02

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
r0binak/CVE-2024-0132https://github.com/r0binak/CVE-2024-01322024-12-20
ssst0n3/poc-cve-2024-0132https://github.com/ssst0n3/poc-cve-2024-01322024-10-15
NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)2025-03-26
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

NVIDIA’s Incomplete Patch for Critical Flaw Lets Attackers Steal AI Model Data - CybersecurityNews
2025-04-12
NVIDIA’s Incomplete Patch for Critical Flaw Lets Attackers Steal AI Model Data - CybersecurityNews | News Content: A critical vulnerability in NVIDIA’s Container Toolkit, CVE-2024-0132, remains exploitable due to an incomplete patch, endangering AI infrastructure and sensitive data. Coupled with a newly discovered denial-of-service (DoS) flaw in Docker on Linux, these issues could allow attackers to breach systems, steal proprietary AI models, or disrupt operations. Organizations using these tools for AI or cloud workloads must act swiftly to mitigate the risks. Flawed Fix Leaves Systems Exposed In September 2024, NVIDIA issued a security update for CVE
google.com
rss
forum
news
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks - Trend Micro
2025-04-10
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks - Trend Micro | News Content: A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. By: Abdelrahman Esmail Read time: ( words) Save to Folio Summary: Trend Research identified that NVIDIA’s September 2024 security update for a critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit was incomplete, leaving systems potentially vulnerable to container escape attacks. Additionally, researchers discovered a denial-of-service (DoS) vulnerability affecting Docker
google.com
rss
forum
news
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks - Trend Micro
2025-04-10
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks - Trend Micro | News Content: 빠른 탐지와 정확한 대응. 강력한 전용 XDR, 공격 표면 위험 관리 및 제로 트러스트 기능으로 공격자보다 더 빠르게 움직입니다. 자세히 알아보기 엔드포인트용 XDR 단일 플랫폼에서 더 폭넓은 관점 및 더 나은 컨텍스트를 확보하여 공격자들을 더 빠르게 차단하고 위협을 추적, 탐지, 조사 및 대응하십시오. 자세히 알아보기 워크로드 보안 CNAPP 기능을 지원하는 클라우드 보안 플랫폼을 활용하여 성능 손상 없이 데이터 센터, 클라우드 및 컨테이너를 보호합니다. 자세히 알아보기 네트워크 침입 방지(IPS) 알려지거나 알려지지 않거나, 또는 공개되지 않은 취약점으로부터 네트워크를 보호합니다 자세히 알아보기 네트워크용
google.com
rss
forum
news
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks - Trend Micro
2025-04-10
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks - Trend Micro | News Content: A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. By: Abdelrahman Esmail Read time: ( words) Save to Folio Summary: Trend Research identified that NVIDIA’s September 2024 security update for a critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit was incomplete, leaving systems potentially vulnerable to container escape attacks. Additionally, researchers discovered a denial-of-service (DoS) vulnerability affecting Docker
google.com
rss
forum
news
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks - Trend Micro
2025-04-10
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks - Trend Micro | News Content: A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. By: Abdelrahman Esmail Read time: ( words) Save to Folio Summary: Trend Research identified that NVIDIA’s September 2024 security update for a critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit was incomplete, leaving systems potentially vulnerable to container escape attacks. Additionally, researchers discovered a denial-of-service (DoS) vulnerability affecting Docker
google.com
rss
forum
news
Snap! -- Small Satellites, Diminished Reality, Chimp Retirement
Suzanne (Spiceworks)2025-04-11
Snap! -- Small Satellites, Diminished Reality, Chimp Retirement | Welcome to today’s edition of the Spiceworks Snap! It’s your daily dose of security and tech news, in brief, along with a mix of other odd or interesting things that might come up. We’re glad you came. Now, let’s jump right in…<
spiceworks.com
rss
forum
news
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Ajit Jasrotia2025-04-11
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes | Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for [&#8230;] The post Incomplete Patch in NVIDIA Toolkit Leaves CVE
allhackernews.com
rss
forum
news

Social Media

NVIDIA's latest patch for the NVIDIA Container Toolkit (CVE-2024-0132) leaves gaps in protection. Ensure you understand the risks, discover the potential impacts, and how to stay safe. Read our full report: ⬇️ https://t.co/BbRkzwb5Vm
0
0
0
⚠️ Critical alert: A flaw in the #NVIDIA Container Toolkit (CVE-2024-0132) leaves #AI infrastructure at risk of container escapes, data theft &amp; DoS—even after a patch. #DevOps #CyberSecurity #Docker #Containers 🔒 Read more: https://t.co/tOWdotoVyT
0
0
0
🚨 NVIDIA’s critical security fix failed! NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete attackers can still escape containers and gain root access (CVE-2025-23359). 👀 Admins: Threat actors are watching... ✅ Patch now ✅ Audit your containers ✅ Lock down Docker https://t.co/dde0Fr3Xrp
0
0
0
⚠️ Vulnerability Update: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks 🔎 CVE: CVE-2024-0132 📅 Timeline: The patch timeline is now explicitly mentioned as 2024-09-26 for disclosure and 2024-10-02 for the patch. 🛠️ exploitMaturity: No changes detected
0
0
0
Trend Micro alerts that Nvidia's patch for CVE-2024-0132 is incomplete, leaving AI containers vulnerable to attacks. High severity (9/10) risks data manipulation. #Nvidia #AIsecurity #USA link: https://t.co/ikbwYuwE2l https://t.co/OXVqZjHTnP
0
0
1
⚠️ Vulnerability Update: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks 🔎 CVE: CVE-2024-0132 📅 Timeline: The patch timeline is now explicitly mentioned as 2024-09-26 for disclosure and 2024-10-02 for the patch, confirming the update sequence. 🛠️
0
0
0
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes https://t.co/n86YMyELeS via @TheHackersNews
0
0
0
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes https://t.co/7AaYQBTfOb
0
2
1
CVE-2024-0132: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks https://t.co/0yEic9XoWq
0
0
0
⚠️ Vulnerability Alert: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks 📅 Timeline: Disclosure: 2024-09-26, Patch: 2024-10-02 📌 Attribution: NVIDIA 🆔 cveId: CVE-2024-0132 📊 baseScore: 9.0 📏 cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://nvidia.custhelp.com/app/answers/detail/a_id/5582

CWE Details

CWE IDCWE NameDescription
CWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionThe software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence