Skip to content

PoC for CVE-2021-1056, related to GPU Container Security

License

Notifications You must be signed in to change notification settings

pokerfaceSad/CVE-2021-1056

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2021-1056

LICENSE

CVE-2021-1056 is a vulnerability I submitted to NVIDIA PSIRT. Personally, it may lead to high security risks in multi-tenant HPC clusters, especially in cloud machine-learning platforms.

This repository simply demonstrates the vulnerability on GPU containers created by nvidia-container-runtime.

How it works

By creating specific character device files an attacker in a GPU container(container created by nvidia-container-runtime) is able to get access to all GPU devices on the host.

It also works on GPU pod created by k8s-device-plugin on kubernetes cluster.

Prerequisite

  • Docker 19.03

  • nvidia-container-toolkit

  • NVIDIA Driver 418.87.01 / 450.51.05

  • NVIDIA GPU Tesla V100 / TITAN V / Tesla K80

NOTE: only a few test environments included, but refer to NVIDIA Security Bulletin, this vulnerability works on all GeForce, NVIDIA RTX/Quadro, NVS and Tesla series GPU, and all version drivers.

QuickStart

See QuickStart.md

How to prevent

Recommended

Or

  • Add arg --cap-drop MKNOD to the docker run to forbid the mknod in containers
  • Enable security context in kubernetes clusters when creating a pod

License

This project is licensed under the MIT License.

Issues and Contributing

Feel free to submit Issues and Pull Requests if you have any problems.

About

PoC for CVE-2021-1056, related to GPU Container Security

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages