A fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads. NVIDIA released an update last September to patch CVE-2024-0132, a time-of-check time-of-use (TOCTOU) vulnerability that earned a CVSS rating of 9 out of 10, in the NVIDIA Container Toolkit. However, after closer inspection, researchers from Trend Micro and Wiz separately discovered a secondary flaw that the patch did not mitigate, so some users even on patched systems would still be at risk.

‍