\n<\/p>\n
Researchers are urging enterprises that rely on Nvidia GPUs for their AI workloads to ensure that systems are patched against critical security vulnerabilities in an NVIDIA toolkit for running GPU-accelerated containers. If exploited, the bugs can allow attackers to gain access to sensitive data,\u00a0<\/span>steal proprietary AI models<\/a><\/span>, or create operational disruptions.<\/span><\/p>\n NVIDIA released an update last September to patch\u00a0<\/span>CVE-2024-0132<\/a><\/span>, a time-of-check time-of-use (TOCTOU) vulnerability that earned a CVSS rating of 9 out of 10, in the NVIDIA Container Toolkit.<\/span><\/p>\n However, after closer inspection, researchers from Trend Micro and Wiz separately discovered a secondary flaw that the patch did not mitigate, so some users, even on patched systems, would still be at risk.<\/span><\/p>\n Researchers at Trend Micro flagged what they deemed this “incomplete” fix for CVE-2024-0132 in a\u00a0<\/span>recent blog post<\/a><\/span>\u00a0and wrote the related bug allows denial-of-service (DoS). This may have created confusion among those who thought their systems were protected once the initial patch was applied, security experts say.<\/span><\/p>\n