Unauthorized Files Creation Vulnerability Affects NVIDIA Container Toolkit and GPU Operator for Linux

CVE-2024-0134

4.1MEDIUM

Key Information

Vendor: Nvidia
Status: Nvidia Container Toolkit; Nvidia Gpu Operator
Vendor: CVE Published:; 5 November 2024

Summary

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

Affected Version(s)

NVIDIA Container Toolkit = All versions up to and including v1.16.2

NVIDIA GPU Operator = All versions up to and including 24.6.2

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Nov 5, 2024
Vulnerability Reserved.
Dec 2, 2023

Collectors

NVD DatabaseMitre Database