Arbitrary File Write Vulnerability in NVIDIA Triton Inference Server for Linux Could Lead to Code Execution, Denial of Service, and More
CVE-2024-0087
9 CRITICAL
Summary
The NVIDIA Triton Inference Server for Linux has a vulnerability that permits a user to direct log output to an arbitrary file location. This capability can lead to the unintentional overwriting of existing log files if they are present, which can result in various security risks. Subsequent exploitation may allow for unauthorized code execution, denial of service, and unauthorized access to sensitive information, increasing the opportunity for data tampering and privilege escalation. This vulnerability emphasizes the importance of careful log file management and security configurations to mitigate potential threats.
Affected Version(s)
NVIDIA Triton Inference Server 22.09 to 24.03
CVSS V3.1
Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved