Publication Date: 2024/10/01 6:35 PM PDT

AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin.

Amazon Elastic Container Service (Amazon ECS)

Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with the patched NVIDIA container toolkit v1.16.2. We recommend that ECS customers update to these AMIs (or the latest available). Additional information on the ECS-optimized AMI is available at in our "Amazon ECS-optimized Linux AMIs" developer guide.

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images (AMIs) version v20240928 with the patched NVIDIA container toolkit v1.16.2. Customers using Managed node groups can upgrade their node groups by referring to the EKS documentation. Customers using Karpenter can update their nodes by following the documentation on drift or AMI selection. Customers using self-managing worker nodes can replace existing nodes by referring to the EKS documentation.

Bottlerocket

Amazon has released Bottlerocket 1.24.0, which includes the patched NVIDIA container toolkit v1.16.2, and recommend customers using Bottlerocket apply this update or a newer version. Further information will be posted in the Bottlerocket Security Advisories and the Bottlerocket Release Notes.

If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com.