Publication Date: 2024/10/01 6:35 PM PDT
AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin.
Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images (AMIs) version v20240928 with the patched NVIDIA container toolkit v1.16.2. Customers using Managed node groups can upgrade their node groups by referring to the EKS documentation. Customers using Karpenter can update their nodes by following the documentation on drift or AMI selection. Customers using self-managing worker nodes can replace existing nodes by referring to the EKS documentation.
Bottlerocket
Amazon has released Bottlerocket 1.24.0, which includes the patched NVIDIA container toolkit v1.16.2, and recommend customers using Bottlerocket apply this update or a newer version. Further information will be posted in the Bottlerocket Security Advisories and the Bottlerocket Release Notes.
If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com.