CVE-2024-0136

Advisory lineage Upstream: 0 Downstream: 1

Downstream

SUSE-SU-2025:4187-1

Analyzed

Published: 28 Jan 2025, 03:09

Last modified:28 Jan 2025, 15:15

Vulnerability Summary

Overall Risk (default)

medium

34/100

CVSS Score

8.4 HIGH

v3.1 (nvd)

EPSS Score

0.1% LOW

0% probability -0.18%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Jan 2025, 03:09

Published

Vulnerability first disclosed

28 Jan 2025, 15:15

Last Modified

Vulnerability information updated

Description

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS Metrics

v3.1•HIGH•Score: 7.6CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
v3.1•HIGH•Score: 8.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.10%• Percentile: 27%

Techniques & Countermeasures

CWE-653•Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

Affected Systems

nvidia•nvidia_container_toolkit
All versions up to and including v1.17.0 | < 1.17.3
nvidia•nvidia_gpu_operator
All versions up to and including 24.9.0 | < 24.9.1

References (1)

https://nvidia.custhelp.com/app/answers/detail/a_id/5599