CVE-2024-0133

CWE-3677 documents | 6 sources
Severity: 3.4 LOW
EPSS: 0.6% (top 29.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 26 | Latest update Nov 4

Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Exploitability: 2.3 | Impact: 1.4

Affected Packages (5 packages)

CVEListV5 | nvidia/container_toolkit | All versions up to and including v1.16.1
CVEListV5 | nvidia/gpu_operator | All versions up to and including 24.6.1

🔴 Vulnerability Details (4)

OSV | 2024-11-04 | NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system in github.com/NVIDIA/nvidia-container-toolkit
GHSA | 2024-10-29 | NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
OSV | 2024-10-29 | NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
CVEList | 2024-09-26 | CVE-2024-0133: NVIDIA Container Toolkit 1

📋 Vendor Advisories (2)

Red Hat | 2024-09-26 | nvidia-container-toolkit: Data tampering in NVIDIA Container Toolkit
Microsoft | 2024-09-10 | NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This do