Headline
CVE-2024-0132: NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use Vulnerability
What actions do customers need to take to protect themselves from this vulnerability?
Customers with Ubuntu Linux or Azure Linux based Azure Kubernetes Service (AKS) Node Pools using NVIDIA GPU driver configurations are affected by this vulnerability. Please see below for details on how to update your resources to be protected against this vulnerability.
Customers with Azure Linux based AKS Node Pool resources must manually install AKS Node image version 2024.1009.1 to be protected against this vulnerability by running the following CLI command:
tdnf install https://packages.microsoft.com/cbl-mariner/2.0/prod/base/x86_64/Packages/n/nvidia-container-toolkit-1.16.2-1.cm2.x86_64.rpm
Note: The AKS node image, version 20241009.1, will be deployed in November and contain this package by default. Customers can monitor the status of this deployment by using AKS Release Tracker.
Customers with Ubuntu Linux based AKS Node Pool resources must manually upgrade the driver version of their AKS Nodes to version 202410.09.0 to be protected against this vulnerability by following the guidance here: AKS Node Image Upgrade.
Note: This upgrade will not alter your Kubernetes version.