nvidia | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for unauthorized access to the underlying host. While this flaw was resolved by NVIDIA in September 2024, a new analysis by Trend Micro has revealed the fix to be incomplete and that there also exists a related performance flaw affecting Docker on Linux that could result in a denial-of-service (DoS) condition. "These issues could enable attackers to escape container isolation, access sensitive host resources, and cause severe operational disruptions," Trend Micro researcher Abdelrahman Esmail said in a new report published today. The fact that the TOCTOU vulnerability persists means that a ...

Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions - NVIDIA Container Toolkit (All versions up to and including 1.17.3) - Fixed in version 1.17.4 NVIDIA GPU Operator (All versions up to and including 24.9.1) - Fixed in version 24.9.2 "NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use ( TOCTOU ) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system," the company said in an advisory on Tuesday. "A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." Cl...

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132 , carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and NVIDIA GPU Operator version 24.6.2. "NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-Check Time-of-Use ( TOCTOU ) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system," NVIDIA said in an advisory. "A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." The issue impacts all versions of NVIDIA Container Toolkit up to and including v1.16.1, and Nvidia GPU Operator up to and i...

Cisco on Wednesday rolled out patches to address  three security flaws  affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as  CVE-2022-28199  (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service (DoS) condition and cause an impact on data integrity and confidentiality. "If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial-of-service (DoS) condition," Cisco  said  in a notice published on September 7. DPDK  refers to a set of libraries and optimized network interface card (NIC) drivers for fast packet processing, offering a framework and common API for high-speed networking applications. Cisco said it investigated its product lineup and determined the following se...

American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology. "We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict," the company  said  in a security notice. "However, we are aware that the threat actor took employee passwords and some NVIDIA proprietary information from our systems and has begun leaking it online." The incident is said to have come to light on February 23, with the company noting that it's taken steps to analyze the leaked information and that it's enforcing all of its employees to change their passwords with immediate effect. The confirmation comes days after  The Telegraph  last week reported that the company is investigating a potential cyber ...

U.S. graphics chip specialist NVIDIA has released  software updates  to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, and Nano and Nano 2GB running all Jetson Linux versions prior to 32.5.1. The company credited Frédéric Perriot of Apple Media Products for reporting all the issues. The  NVIDIA Jetson  line consists of embedded Linux AI and computer vision compute modules and developer kits that primarily caters to AI-based computer vision applications and autonomous systems such as mobile robots and drones. Chief among the vulnerabilities is CVE‑2021‑34372 (CVSS score: 8.2), a buffer overflow flaw in its  Trusty  trusted execution environment (TEE) th...

China no longer owns the fastest supercomputer in the world; It is the United States now. Though China still has more supercomputers on the Top 500 list, the USA takes the crown of "world's fastest supercomputer" from China after IBM and the U.S. Department of Energy's Oak Ridge National Laboratory (ORNL) unveiled " Summit ." Summit is claimed to be more than twice as powerful as the current world leader with a peak performance of a whopping 200,000 trillion calculations per second—that's as fast as each 7.6 billion people of this planet doing 26.3 million calculations per second on a calculator. Until now the world's most powerful supercomputer was China's Sunway TaihuLight with the processing power of 93 petaflops (93,000 trillion calculations per second). Since June 2012, the U.S. has not possessed the world's most powerful supercomputer, but if Summit performs as claimed by IBM, it will be made straight to the top of the Top5...

Little more than a year ago I wrote about the possibility to attack gaming platform to compromise large audience of gamers in stealthy way, the access to millions of machines represent a dream for every attackers and I hypnotized its repercussion in cyber warfare domains. Gaming platform are usually complex systems equipped with the latest technology and the idea to exploit them as possible attack vectors cultivated by many governments. Researchers at ReVuln, Luigi Auriemma and Donato Ferrante , presented at Black Hat Europe 2013 in Amsterdam how to convert local bugs and features in remotely exploitable security vulnerabilities by using the popular EA Origin 3 platform as an attack vector against remote systems. EA Origin is one of the biggest gaming related digital delivery platforms with more than 40 million the access it to purchase games for any kind of platform, from mobile to PC. Before describe the discovery of the two Italian experts let's give analy...

Chipmaker Nvidia announced that a new supercomputer built in China, powered by over 7,000 of its graphics processor units (GPUs), is now the world's fastest. This supercomputer, constructed by the National University of Defense Technology and located at the National Supercomputing Center in Tianjin, has a processing power equivalent to 175,000 laptop computers, according to Nvidia officials. With sustained performance reaching 2.5 petaflops, this Chinese supercomputer, named Tianhe-1A, is 30% faster than the world's second most powerful supercomputer at Oak Ridge National Laboratory in Tennessee, as per Nvidia's claims. The Tianhe-1A will serve scientists in various fields and will also be available for international use. Nvidia, known for its high-end video cards favored by gamers, is now promoting its technology for diverse applications beyond graphics, including supercomputers that run complex simulations in astrophysics and other computation-heavy tasks. Supercomputer...