Incomplete Patch in NVIDIA Toolkit Puts Sensitive Data at Risk

Cybersecurity researchers have revealed that an incomplete fix for a previously addressed security vulnerability affects the NVIDIA Container Toolkit, which, if successfully exploited, could endanger sensitive data. The initial vulnerability, CVE-2024-0132, with a CVSS score of 9.0, is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack. This flaw would allow an attacker to escape the container and access sensitive data.