CVE-2024-0137
Public on 2025-01-28
Modified on 2025-02-03
Description
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2023 | libnvidia-container | 2025-02-14 | ALAS2023NVIDIA-2025-003 | Fixed |
| HAQM Linux 2023 | nvidia-container-toolkit | 2025-02-14 | ALAS2023NVIDIA-2025-004 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
| NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |