CVE-2024-0137 MEDIUM

CVE-2024-0137

Vendor Nvidia
Product NVIDIA Container Toolkit
Weakness CWE-653
Published January 28, 2025
Last update January 28, 2025

CVSS base score

5.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.

Key dates

02Disclosure timeline

January 28, 2025 CVE published
January 28, 2025 Record updated