Bug 2323971 (CVE-2024-0134) - CVE-2024-0134 nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host
Keywords:
Status: NEW
Alias: CVE-2024-0134
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2324080 2324081 2324082 2324083 2324084 2324085
Blocks:
Reported: 2024-11-05 19:01 UTC by OSIDB Bzimport
Modified: 2025-01-24 18:24 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description OSIDB Bzimport 2024-11-05 19:01:42 UTC
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

Comment 3 Debarshi Ray 2025-01-24 18:24:43 UTC
(In reply to Debarshi Ray from comment #2)
> Isn't this supposed to be CVE-2024-0132 and CVE-2024-0133, not CVE-2024-0134?

Never mind.  I see that CVE-2024-0134 is a thing:
https://nvidia.custhelp.com/app/answers/detail/a_id/5585
https://github.com/NVIDIA/nvidia-container-toolkit/releases/tag/v1.17.0
https://github.com/advisories/GHSA-7jm9-xpwx-v999

