CVE-2024-0134

Summary

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA Container ToolkitAll versions up to and including v1.16.2affected
NVIDIANVIDIA GPU OperatorAll versions up to and including 24.6.2affected

Weaknesses

  • CWE-61: CWE-61

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References