NVIDIA Container Toolkit Vulnerability Could Lead to Data Tampering

CVE-2024-0133

3.4LOW

Key Information

Vendor
Nvidia
Status
Container Toolkit
Gpu Operator
Vendor
CVE Published:
26 September 2024

Summary

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

Affected Version(s)

Container Toolkit = All versions up to and including v1.16.1

GPU Operator = All versions up to and including 24.6.1

Refferences

CVSS V3.1

Score:
3.4
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.