Views:

These vulnerabilities have been reported to impact the following:

  • NVIDIA Container Toolkit version 1.16.1 or earlier
  • NVIDIA GPU Operator versions 24.6.1 or earlier
  • Using default configuration
  • Cases where the Container Device Interface (CDI) is used are said to be not impacted.

 

Trend Micro Protection and Detection Against Exploitation

First and foremost, it is always recommended that users apply vendor-specific patches when they are available.  In this case, NVIDIA has released the following patches in response to the vulnerabilities and customers are strongly encouraged to update as soon as possible:

  • NVIDIA Container Toolkit 1.16.2 has been released that resolves the issue. 
  • NVIDIA GPU Operator update to version 24.6.2 also resolves issues related to this component.

In addition to the vendor patch(s) that should be applied, Trend Micro has released some updates that may help provide additional protection and detection of malicious components associated with this vulnerability.

Trend Vision One™ 

Trend Micro has added Time-Critical Vulnerability alert in the Trend Vision One Executive Dashboard that will be continually updated with additional information related to prevention and detection as it becomes available.

 

Trend Vision One™ Container Security

Trend Vision One Container Security customers can use this proactive technology to uncover vulnerabilities, malware, and compliance violations within container images by detecting this vulnerability on the pipeline and allowing administrators to use admission control policy enforcement to block new container images in production.  In addition, runtime detection is available. Scanning for CVE-2024-0132 is now available and will also reflect in Vision One's Attack Surface Risk Management (ASRM).