CVE-2024-0136

Summary

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA Container ToolkitAll versions up to and including v1.17.0affected
NVIDIANVIDIA GPU OperatorAll versions up to and including 24.9.0affected

Weaknesses

  • CWE-653: CWE-653

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References