Improper Isolation in NVIDIA Container Toolkit Leading to Host Device Access
CVE-2024-0136

7.6HIGH

Key Information:

Vendor: Nvidia
Status: Nvidia Container Toolkit; Nvidia Gpu Operator
Vendor: CVE Published:; 28 January 2025

Summary

The NVIDIA Container Toolkit presents an improper isolation vulnerability that occurs due to its specific configuration. When configured in a non-default way, a specially crafted container image can exploit this flaw, potentially allowing untrusted code to gain read and write access to host devices. This could lead to serious impacts, including unauthorized code execution, denial of service, privilege escalation, information disclosure, and data tampering. Ensuring proper configuration is essential to mitigate risks associated with this vulnerability.

Affected Version(s)

NVIDIA Container Toolkit Linux All versions up to and including v1.17.0

NVIDIA GPU Operator Linux All versions up to and including 24.9.0

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5599

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Dec 2, 2023