CVE-2024-0137

CWE-6534 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 78.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Nvidia Container ToolkitNvidia Nvidia GPU Operator
Timeline
PublishedJan 28

Description

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 1.3 | Impact: 3.7

Affected Packages4 packages

CVEListV5nvidia/nvidia_container_toolkitAll versions up to and including v1.17.0
CVEListV5nvidia/nvidia_gpu_operatorAll versions up to and including 24.9.0

🔴Vulnerability Details

2
CVEList
CVE-2024-0137: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running i2025-01-28
GHSA
GHSA-frhw-w3wm-6cw4: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running i2025-01-28

📋Vendor Advisories

1
Red Hat
nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit2025-01-28
CVE-2024-0137 (MEDIUM CVSS 6.5) | NVIDIA Container Toolkit contains a | cvebase.io