CVE-2024-0132

Published: 23 Oct 2024
Source: msrc
CVSS3: 8.3
EPSS: Low

Description

NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of-Use Vulnerability

FAQ

What actions do customers need to take to protect themselves from this vulnerability?

Customers with Ubuntu Linux or Azure Linux based Azure Kubernetes Service (AKS) Node Pools using NVIDIA GPU driver configurations are affected by this vulnerability. Please see below for details on how to update your resources to be protected against this vulnerability.

  1. Customers with Azure Linux based AKS Node Pool resources must manually install AKS Node image version 2024.1009.1 to be protected against this vulnerability by running the following CLI command:

    tdnf install https://packages.microsoft.com/cbl-mariner/2.0/prod/base/x86_64/Packages/n/nvidia-container-toolkit-1.16.2-1.cm2.x86_64.rpm

    Note: The AKS node image, version 20241009.1, will be deployed in November and contain this package by default. Customers can monitor the status of this deployment by using AKS Release Tracker.

  2. Customers with Ubuntu Linux based AKS Node Pool resources must manually upgrade the driver version of their AKS Nodes to version 202410.09.0 to be protected against this vulnerability by following the guidance here: AKS Node Image Upgrade.

    Note: This upgrade will not alter your Kubernetes version.

Updates

Product | Article | Update
CBL Mariner 2.0 x64
-
CBL Mariner 2.0 ARM
-
Azure Linux 3.0 x64
-
Azure Linux 3.0 ARM
-
Azure Kubernetes Service Node on Azure Linux
Azure Kubernetes Service Node on Ubuntu Linux

Exploitability

DOS

N/A

EPSS

Percentile: 86%
0.02917
Low

8.3 High

CVSS3

Related vulnerabilities

CVSS3: 8.3
redhat
about 1 year ago

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS3: 9
nvd
about 1 year ago

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS3: 9
github
about 1 year ago

NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

CVSS3: 9
fstec
about 1 year ago

Vulnerability in the NVIDIA Container Toolkit software for creating and running containers and in the NVIDIA GPU Operator resource management tool that allows an attacker to escalate privileges or execute arbitrary code

suse-cvrf
about 1 year ago

Security update for govulncheck-vulndb
