CVE-2024-0137

Advisory lineage Upstream: 0 Downstream: 1

Downstream

SUSE-SU-2025:4187-1

Analyzed

Published: 28 Jan 2025, 03:10

Last modified:28 Jan 2025, 15:15

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.07% LOW

0% probability -0.09%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Jan 2025, 03:10

Published

Vulnerability first disclosed

28 Jan 2025, 15:15

Last Modified

Vulnerability information updated

Description

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS Trends

Current EPSS score: 0.07%• Percentile: 22%

Techniques & Countermeasures

CWE-653•Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

Affected Systems

nvidia•nvidia_container_toolkit
All versions up to and including v1.17.0 | < 1.17.3
nvidia•nvidia_gpu_operator
All versions up to and including 24.9.0 | < 24.9.1

References (1)

https://nvidia.custhelp.com/app/answers/detail/a_id/5599