AWS-2024-010
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2024/10/01 6:35 PM PDT

AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin.

Amazon Elastic Container Service (Amazon ECS)
Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with the patched NVIDIA container toolkit v1.16.2. We recommend that ECS customers update to these AMIs (or the latest available). Additional information on the ECS-optimized AMI is available in our "Amazon ECS-optimized Linux AMIs" developer guide.

Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images (AMIs) version v20240928 with the patched NVIDIA container toolkit v1.16.2. Customers using Managed node groups can upgrade their node groups by referring to the EKS documentation. Customers using Karpenter can update their nodes by following the documentation on drift or AMI selection. Customers using self-managing worker nodes can replace existing nodes by referri…
Timeline
- Oct 1, 2024 CVE Published
References
- Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133) advisory
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html web
- https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html web
- https://karpenter.sh/docs/concepts/disruption/#drift web
- https://karpenter.sh/docs/concepts/nodeclasses/#specamiselectorterms web
- https://docs.aws.amazon.com/eks/latest/userguide/update-workers.html web
- https://github.com/bottlerocket-os/bottlerocket/security/advisories web
- https://github.com/bottlerocket-os/bottlerocket/releases web