VDB
CVE-2024-0134
CVE-2024-0134
PUBLISHED
CVSS 4.099999904632568 MEDIUM
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.
EPSS 0.23% · 46.3th percentile
Risk Scores
CVSS 3.1
4.099999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
EPSS Score
0.23%
46.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nvidia | nvidia_container_toolkit | 0, 0, 0 |
| NVIDIA | NVIDIA GPU Operator | All versions up to and including 24.6.2, All versions up to and including 24.6.2 |
| nvidia | nvidia_gpu_operator | 0, 0, 0 |
| NVIDIA | NVIDIA Container Toolkit | *, All versions up to and including v1.16.2 |
Exploit Intelligence
- CIRCL seen: CVE-2024-0134 (circl-sighting)
- https://nvidia.custhelp.com/app/answers/detail/a_id/5585 (circl)
Timeline
- Nov 5, 2024 Coalition ESS Score
- Nov 5, 2024 CVE Published
- Nov 5, 2024 PoC Published
- Nov 6, 2024 EPSS Score
- Nov 6, 2024 Coalition ESS Score
- Nov 8, 2024 Coalition ESS Score
- Nov 24, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
- Dec 31, 2024 EPSS Score
- Jan 18, 2025 EPSS Score
- Feb 4, 2025 EPSS Score
- Feb 22, 2025 EPSS Score