CVE-2024-0132
published 2024-09-26CVE-2024-0132: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a…
high8.3CVSS 3.1
AVNACHPRNUIRSCCHIHAH
EXPLOIT
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | nvidia_nvidia-container-toolkit | >= 0 < 1.16.2 | 1.16.2 |
| msrc | azure_kubernetes_service_node_on_azure_linux | — | — |
| msrc | azure_kubernetes_service_node_on_ubuntu_linux | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| nvidia | container_toolkit | — | — |
| nvidia | gpu_operator | — | — |
| nvidia | nvidia_container_toolkit | < 1.16.2 | 1.16.2 |
| nvidia | nvidia_gpu_operator | < 24.6.2 | 24.6.2 |