CVE-2024-0134

MEDIUM EPSS 29.5%

Published Nov 5, 20241y ago · Modified Jun 17, 20261w ago

4.1 CVSS 3.1

Medium

Published Nov 5, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

CVSS Details

Base Score

4.1

Exploitability

2.3

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality None

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

29.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-61

Affected Products 3

Vendor	Product	Version	Range
nvidia	nvidia_container_toolkit	*	<1.17
nvidia	nvidia_gpu_operator	*	<24.9.0
linux	linux_kernel	*	any

References 1

nvidia.custhelp.com https://nvidia.custhelp.com/app/answers/detail/a_id/5585

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.