Unauthorized Files Creation Vulnerability Affects NVIDIA Container Toolkit and GPU Operator for Linux

CVE-2024-0134

4.1MEDIUM

Key Information

Vendor
Nvidia
Status
Nvidia Container Toolkit
Nvidia Gpu Operator
Vendor
CVE Published:
5 November 2024

Summary

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

Affected Version(s)

NVIDIA Container Toolkit = All versions up to and including v1.16.2

NVIDIA GPU Operator = All versions up to and including 24.6.2

Refferences

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.