CVE-2024-0133
published 2024-09-26CVE-2024-0133: NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create…
low3.4CVSS 3.1
AVNACHPRNUIRSCCNILAN
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | nvidia_nvidia-container-toolkit | >= 0 < 1.16.2 | 1.16.2 |
| msrc | azl3_nvidia-container-toolkit_1.15.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_nvidia-container-toolkit_1.16.2-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_nvidia-container-toolkit_1.13.5-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nvidia-container-toolkit_1.16.2-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| nvidia | container_toolkit | — | — |
| nvidia | gpu_operator | — | — |
| nvidia | nvidia_container_toolkit | < 1.16.2 | 1.16.2 |
| nvidia | nvidia_gpu_operator | < 24.6.2 | 24.6.2 |