CVE-2024-0135
Public on 2025-01-28
Modified on 2025-02-13
Description
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2023 | libnvidia-container | 2025-02-14 | ALAS2023NVIDIA-2025-003 | Fixed |
| HAQM Linux 2023 | nvidia-container-toolkit | 2025-02-14 | ALAS2023NVIDIA-2025-004 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 7.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
| NVD | CVSSv3 | 7.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |