NVIDIA Container Toolkit Vulnerability Could Lead to Data Tampering
CVE-2024-0133
3.4LOW
Key Information
- Vendor
- Nvidia
- Status
- Container Toolkit
- Gpu Operator
- Vendor
- CVE Published:
- 26 September 2024
Summary
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
Affected Version(s)
Container Toolkit = All versions up to and including v1.16.1
GPU Operator = All versions up to and including 24.6.1
Refferences
CVSS V3.1
Score:
3.4
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database