Unauthorized Files Creation Vulnerability Affects NVIDIA Container Toolkit and GPU Operator for Linux
CVE-2024-0134

4.1MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Container Toolkit; Nvidia Gpu Operator
Vendor: CVE Published:; 5 November 2024

Summary

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

Affected Version(s)

NVIDIA Container Toolkit Linux All versions up to and including v1.16.2

NVIDIA GPU Operator Linux All versions up to and including 24.6.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5585

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Dec 2, 2023