CVE-2024-0135

Summary

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA Container ToolkitAll versions up to and including v1.17.0affected
NVIDIANVIDIA GPU OperatorAll versions up to and including 24.9.0affected

Weaknesses

  • CWE-653: CWE-653

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References