Researchers at Wiz have discovered a critical vulnerability in the Nvidia Container Toolkit that affects 37 percent of all cloud environments. NVIDIAScape allows hackers to escape containers and gain complete control over servers with just three lines of code.
The vulnerability, which has been given a CVSS score of 9.0, does not require advanced knowledge or tools. With just three lines of code, attackers can gain complete control of the server and leave the container. This simplicity makes the risk even greater, as exploiting the vulnerability is within the reach of relatively inexperienced hackers.
A successful attack also gives malicious actors access to all data on the server. This can lead to the theft of business-critical information, manipulation of AI models, and the breach of isolation between different customers.
Fundamental breach in security
The Nvidia Container Toolkit is essential for AI infrastructure. Virtually all major cloud providers utilize this technology to provide their customers with access to Nvidia GPUs for AI workloads. The system functions as a security barrier between containers and the underlying host system.
However, that barrier is not as robust as previously thought. Wiz researchers discovered that malicious actors can escape from the isolated container environment with a simple attack. Once outside, they can access sensitive data and proprietary models belonging to other customers running on the same shared hardware.
What is particularly worrying is that this is already the second critical vulnerability that Wiz has found in the Nvidia Container Toolkit within a year. This indicates a structural problem rather than an isolated incident.
Tip: Nvidia CEO: Every country must build its own AI infrastructure