2342481 – (CVE-2024-0135) CVE-2024-0135 nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit

Bug 2342481 (CVE-2024-0135) - CVE-2024-0135 nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit

Summary: CVE-2024-0135 nvidia-container-toolkit: Improper Isolation or Compartmentaliz...

Keywords:
Status:	NEW
Alias:	CVE-2024-0135
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2342483 2342484 2342485 2342486
Blocks:
TreeView+	depends on / blocked

Reported:	2025-01-28 04:01 UTC by OSIDB Bzimport
Modified:	2025-01-28 13:29 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-01-28 04:01:21 UTC

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Comment 2 Fabien Dupont 2025-01-28 07:51:32 UTC

RHEL AI 1.3.2 has nvidia-container-toolkit-1.17.3-1.x86_64, hence RHEL AI 1.3 is already fixed.

Note You need to log in before you can comment on or make changes to this bug.