Unauthorized Files Creation Vulnerability Affects NVIDIA Container Toolkit and GPU Operator for Linux
CVE-2024-0134

4.1MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Container Toolkit; Nvidia Gpu Operator
Vendor: CVE Published:; 5 November 2024

What is CVE-2024-0134?

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

Affected Version(s)

NVIDIA Container Toolkit Linux All versions up to and including v1.16.2

NVIDIA GPU Operator Linux All versions up to and including 24.6.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5585

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Dec 2, 2023

Nvidia

What is CVE-2024-0134?

Affected Version(s)

References

CVSS V3.1

Timeline