Improper Isolation in NVIDIA Container Toolkit Leading to Host Device Access
CVE-2024-0136

7.6HIGH

Key Information:

Vendor: Nvidia
Status: Nvidia Container Toolkit; Nvidia Gpu Operator
Vendor: CVE Published:; 28 January 2025

What is CVE-2024-0136?

The NVIDIA Container Toolkit presents an improper isolation vulnerability that occurs due to its specific configuration. When configured in a non-default way, a specially crafted container image can exploit this flaw, potentially allowing untrusted code to gain read and write access to host devices. This could lead to serious impacts, including unauthorized code execution, denial of service, privilege escalation, information disclosure, and data tampering. Ensuring proper configuration is essential to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NVIDIA Container Toolkit Linux All versions up to and including v1.17.0

NVIDIA GPU Operator Linux All versions up to and including 24.9.0

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5599

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Dec 2, 2023

JSON

Nvidia

What is CVE-2024-0136?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.