Hey all, new here but been lurking. I'm trying to get up to speed on the NemoClaw GPU isolation stuff.
Our recent pen test flagged a "GPU memory residue leakage" vulnerability in our on-prem cluster. The report references CVE-2024-... wait, maybe it's a CVSS score? Anyway, it says an attacker could read residual VRAM from a previous tenant workload.
I set up a small lab with two VMs using passthrough GPUs (A100s). I ran a workload that fills VRAM with a known pattern, shut it down, and launched a different tenant's workload that tries to dump memory. But I can't read the old data—I just get zeros or my own process's memory.
My question: Is the isolation break more subtle? Do I need to be on the same physical GPU but in a different vGPU profile? Or does the attack rely on a specific driver bug? The pen test report is light on PoC details.
What am I missing here? Is this about the hardware-level guardrails (like NVIDIA's MIG) not being configured right, or is it a hypervisor-level thing? Any pointers on what to actually test for would be awesome.