CVE-2024-0134

CWE-615 documents5 sources
Severity
4.1MEDIUM
EPSS
0.2%
top 53.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Nvidia Container ToolkitNvidia Nvidia GPU Operator
Timeline
PublishedNov 5
Latest updateNov 12

Description

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages4 packages

CVEListV5nvidia/nvidia_container_toolkitAll versions up to and including v1.16.2
CVEListV5nvidia/nvidia_gpu_operatorAll versions up to and including 24.6.2

🔴Vulnerability Details

2
CVEList
CVE-2024-0134: NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the crea2024-11-05
GHSA
GHSA-7jm9-xpwx-v999: NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the crea2024-11-05

📋Vendor Advisories

2
Microsoft
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host.2024-11-12
Red Hat
nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host2024-11-05
CVE-2024-0134 (MEDIUM CVSS 4.1) | NVIDIA Container Toolkit and NVIDIA | cvebase.io