NVIDIA Container Toolkit Vulnerability Could Lead to Data Tampering

CVE-2024-0133

3.4LOW

Key Information

Vendor: Nvidia
Status: Container Toolkit; Gpu Operator
Vendor: CVE Published:; 26 September 2024

Summary

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

Affected Version(s)

Container Toolkit = All versions up to and including v1.16.1

GPU Operator = All versions up to and including 24.6.1

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Sep 26, 2024
Vulnerability Reserved.
Dec 2, 2023

Collectors

NVD DatabaseMitre Database