Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-0134

Опубликовано: 05 нояб. 2024
Источник: redhat
CVSS3: 4.1
EPSS Низкий

Описание

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

A flaw was found in the NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux. They contain a UNIX vulnerability where a specially crafted container image can create unauthorized files on the host. An attacker cannot control the name and location of the files. A successful exploit of this vulnerability might lead to data tampering.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux AI (RHEL AI)rhelai1/bootc-nvidia-rhel9Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-61
https://bugzilla.redhat.com/show_bug.cgi?id=2323971nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host

EPSS

Процентиль: 30%
0.00112
Низкий

4.1 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-0134

CVSS3: 4.1
nvd
около 1 года назад

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

msrc логотип

CVE-2024-0134

CVSS3: 4.1
msrc
11 месяцев назад

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host.

github логотип

GHSA-7jm9-xpwx-v999

CVSS3: 4.1
github
около 1 года назад

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

fstec логотип

BDU:2024-09408

CVSS3: 4.1
fstec
около 1 года назад

Уязвимость программного обеспечения для создания и запуска контейнеров NVIDIA Container Toolkit и программного средства для управления ресурсами NVIDIA GPU Operator, позволяющая нарушителю оказать воздействие на целостность данных

redos логотип

ROS-20251028-11

CVSS3: 8.5
redos
20 дней назад

Множественные уязвимости nvidia-container-toolkit

EPSS

Процентиль: 30%
0.00112
Низкий

4.1 Medium

CVSS3