CVE-2024-0132

CRITICAL

NVIDIA Container Toolkit < 1.16.2 - Time-of-check Time-of-use Race Condition

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-0132. PoCs published by r0binak, ssst0n3.

AI-analyzed exploit summary This PoC exploits a TOCTOU vulnerability in NVIDIA Container Toolkit 1.16.1 or earlier, allowing container breakout and host filesystem access via crafted symlinks in a Docker image. The exploit leverages directory traversal to expose host files within the container.

Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Exploits (3)

exploitdb WORKING POC
by r0binak · textlocallinux
https://www.exploit-db.com/exploits/52095

This PoC exploits a TOCTOU vulnerability in NVIDIA Container Toolkit 1.16.1 or earlier, allowing container breakout and host filesystem access via crafted symlinks in a Docker image. The exploit leverages directory traversal to expose host files within the container.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: NVIDIA Container Toolkit <= 1.16.1
No auth needed
Prerequisites: Docker environment with NVIDIA Container Toolkit <= 1.16.1 · Ability to build and run custom Docker images
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 6 stars
by r0binak · poc
https://github.com/r0binak/CVE-2024-0132

This PoC exploits a TOCTOU (Time-of-Check to Time-of-Use) vulnerability in the NVIDIA container toolkit by manipulating symbolic links in `/usr/local/cuda/compat/` to achieve path traversal and mount the host filesystem. The Dockerfile demonstrates the exploit by creating a malicious container image that bypasses path resolution checks.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: NVIDIA container toolkit (libnvidia-container)
No auth needed
Prerequisites: Docker environment · NVIDIA container toolkit installed · Ability to run containers with NVIDIA runtime
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 5 stars
by ssst0n3 · poc
https://github.com/ssst0n3/poc-cve-2024-0132

This repository contains a functional exploit PoC for CVE-2024-0132, targeting NVIDIA container toolkit to achieve container escape via symlink manipulation and Docker socket access. The exploit demonstrates host file access and Docker API interaction from within a container.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: NVIDIA container toolkit <= v1.16.1
No auth needed
Prerequisites: NVIDIA GPU with driver installed · Docker with NVIDIA runtime configured · Host running Ubuntu 22.04
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.0
EPSS 0.0391
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-367
Status published
Products (3)
NVIDIA/nvidia-container-toolkit 0 - 1.16.2Go
nvidia/nvidia_container_toolkit < 1.16.2
nvidia/nvidia_gpu_operator < 24.6.2
Published Sep 26, 2024
Tracked Since Feb 18, 2026