CVE-2024-0135 — Improper Isolation or Compartmentalization in Nvidia Container Toolkit

CWE-653 — Improper Isolation or Compartmentalization4 documents4 sources

Severity

7.6HIGHNVD

EPSS

0.1%

top 72.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Container Toolkit Nvidia GPU Operator

Timeline

PublishedJan 28

Description

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages4 packages

▶NVDnvidia/nvidia_container_toolkit< 1.17.3

▶CVEListV5nvidia/nvidia_container_toolkitAll versions up to and including v1.17.0

▶NVDnvidia/nvidia_gpu_operator< 24.9.1

▶CVEListV5nvidia/nvidia_gpu_operatorAll versions up to and including 24.9.0

🔴Vulnerability Details

CVEList

CVE-2024-0135: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host b↗2025-01-28

▶

GHSA

GHSA-9v84-cc9j-pxr6: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host b↗2025-01-28

▶

📋Vendor Advisories

Red Hat

nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit↗2025-01-28

▶