
AAR Re Advisory No. CSOC-2025-0030

Uploaded by

berlanbeverlee62

Republic of the Philippines

NATIONAL POLICE COMMISSION


PHILIPPINE NATIONAL POLICE, POLICE REGIONAL OFFICE 2
BATANES POLICE PROVINCIAL OFFICE
BASCO MUNICIPAL POLICE STATION
Brgy. Kaychanarianan, Basco, Batanes

MEMORANDUM

FOR : Provincial Director, Batanes PPO
(Attn: C, PPPU)

FROM : Officer-In-Charge

SUBJECT : Action Taken on the Advisory No. CSOC-2025-0030 NVIDIA Container Toolkit Vulnerabilities

DATE : July 31, 2025

1. Reference: Memorandum from Chief, PPPU dated July 31, 2025 with
subject: “Advisory No. CSOC-2025-0030 NVIDIA Container Toolkit
Vulnerabilities”

2. This pertains to CVE-2024-0132, a critical time-of-check-to-time-of-use
(TOCTOU) vulnerability affecting NVIDIA’s Container Toolkit and its Kubernetes GPU
Operator, with far-reaching implications for multi-tenant Kubernetes clusters in which
the vulnerability allows crafted container images to mount a host’s root filesystem,
access runtime sockets such as docker.sock, and launch privileged containers,
effectively enabling container escape and full host compromise. With an estimated
impact across 35% of cloud environments and a CVSS score of 9.0, affected
versions include Container Toolkit v1.162, which is patched in v1.17.4 and GPU
Operator latest patches, restricting GPU-enabled nodes to signed and trusted
images, enabling runtime monitoring solutions like Falco, and enforcing stringent
Kubernetes isolation policies. Researchers Hillai Ben-Sasson and Andres Riancho
have emphasized the exploit’s simplicity, which heightens its severity. The
vulnerability and its practical exploits will be showcased at Black Hat USA on August
6, 2025, in a session titled “Breaking Out of The AI Cage: Pwning AI Providers with
NVIDIA Vulnerabilities,” featuring real-world attack scenarios against platforms such
as Replicate and DigitalOcean, with demonstrations of unauthorized cross-tenant
access through container escape techniques.

3. Please be informed that IT PNCO of this Station implemented the security
measures recommended by the PNP CSOC.

4. For information.

JONARD V DAYAO
Police Captain

“In the New Philippines, what the Police want is for you to be safe!”


ACTION PHOTOS
