CVE-2024-0134
published 2024-11-05CVE-2024-0134: NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of…
medium4.1CVSS 3.1
AVNACLPRLUIRSCCNILAN
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_nvidia-container-toolkit_1.16.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_nvidia-container-toolkit_1.17.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_nvidia-container-toolkit_1.16.2-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nvidia-container-toolkit_1.17.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| nvidia | nvidia_container_toolkit | < 1.17 | 1.17 |
| nvidia | nvidia_container_toolkit | — | — |
| nvidia | nvidia_gpu_operator | < 24.9.0 | 24.9.0 |
| nvidia | nvidia_gpu_operator | — | — |