CVE-2024-0132 CRITICAL

CVE-2024-0132

Vendor Nvidia
Product Container Toolkit
Weakness CWE-367
Published September 26, 2024
Last update September 27, 2024

CVSS base score

9.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Key dates

02Disclosure timeline

September 26, 2024 CVE published
September 27, 2024 Record updated