CVE-2024-0132

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0132
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5582 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
History

02 Oct 2024, 14:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.0 		v2 : unknown
v3 : 8.3
CPE cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
First Time Linux linux Kernel
Nvidia nvidia Container Toolkit
Nvidia nvidia Gpu Operator
Nvidia
Linux
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5582 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5582 - Vendor Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) NVIDIA Container Toolkit 1.16.1 o versiones anteriores contienen una vulnerabilidad de tipo TOCTOU (Time-of-check Time-of-Use) cuando se utiliza con la configuración predeterminada, en la que una imagen de contenedor manipulada específicamente puede obtener acceso al sistema de archivos del host. Esto no afecta a los casos de uso en los que se utiliza CDI. Una explotación exitosa de esta vulnerabilidad puede provocar la ejecución de código, la denegación de servicio, la escalada de privilegios, la divulgación de información y la manipulación de datos.

26 Sep 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-26 06:15

Updated : 2024-10-02 14:45

NVD link : CVE-2024-0132

Mitre link : CVE-2024-0132

CVE.ORG link : CVE-2024-0132

JSON object : View

Products Affected

linux

  • linux_kernel

nvidia

  • nvidia_gpu_operator
  • nvidia_container_toolkit
CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024