Issues with Nvidia expose critical infrastructure and AI models

Researchers are highly recommending enterprises that use Nvidia GPUs for AI tasks to check whether the systems are patched against the major vulnerabilities in the toolkit. The bugs might be used by the attackers to impact operations, as well as get access to sensitive data.

Reaction of NVIDIA to the vulnerability
Last September, there was an update to patch CVE-2024-0132, a TOCTOU vulnerability that received a CVSS rating of nine out of ten in the Container Toolkit.

Despite this update from NVIDIA, researchers from Trend Micro have found another flaw that could not be solved with this patch. There were lots of scenarios when patched systems still had high vulnerability risks.

In the recent blog post, the researchers from Trend Micro stated that this update for CVE-2024-0132 doesn’t solve the problem fully and mentioned that the bug allows DoS. This can become a huge issue for those users who considered their systems protected after application of the patch.