Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-0132

CWE-36721 documents10 sources
Severity
8.3HIGH
EPSS
3.7%
top 11.98%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Github.com NVIDIA/nvidia-container-toolkitNvidia Nvidia Container ToolkitNvidia Nvidia GPU Operator+2 more
Timeline
PublishedSep 26
Latest updateApr 10

Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages5 packages

CVEListV5nvidia/container_toolkitAll versions up to and including v1.16.1
CVEListV5nvidia/gpu_operatorAll versions up to and including 24.6.1

🔴Vulnerability Details

4
OSV
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability in github.com/NVIDIA/nvidia-container-toolkit2024-11-04
GHSA
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability2024-10-29
OSV
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability2024-10-29
CVEList
CVE-2024-0132: NVIDIA Container Toolkit 12024-09-26

💥Exploits & PoCs

1
Exploit-DB
NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)2025-03-26

📋Vendor Advisories

3
Microsoft
CVE-2024-0132: FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One2024-10-08
Microsoft
NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use Vulnerability2024-10-08
Red Hat
nvidia-container-toolkit: Time-of-check Time-of-use (TOCTOU) Race Condition in NVIDIA Container toolkit2024-09-26

🕵️Threat Intelligence

12
Trendmicro
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks2025-04-10
Trendmicro
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks2025-04-10
Trendmicro
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks2025-04-10
Trendmicro
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks2025-04-10
Trendmicro
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks2025-04-10
CVE-2024-0132 (HIGH CVSS 8.3) | NVIDIA Container Toolkit 1.16.1 or | cvebase.io