Unauthorized Files Creation Vulnerability Affects NVIDIA Container Toolkit and GPU Operator for Linux
CVE-2024-0134

4.1MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Container Toolkit; Nvidia Gpu Operator
Vendor: CVE Published:; 5 November 2024

What is CVE-2024-0134?

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NVIDIA Container Toolkit Linux All versions up to and including v1.16.2

NVIDIA GPU Operator Linux All versions up to and including 24.6.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5585

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Dec 2, 2023

JSON

Nvidia