CVE-2024-0135

EUVD-2024-15934
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
nvidiaCNA
7.6 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
nvidianvidia_container_toolkit
𝑥
< 1.17.3
nvidianvidia_gpu_operator
𝑥
< 24.9.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5599