CVE-2024-0133

CVSS 3.1 Score 4.1 of 10 (medium)

Details

Published Sep 26, 2024
Updated: Oct 2, 2024
CWE ID 367

Summary

CVE-2024-0133 is a vulnerability found in NVIDIA Container Toolkit versions 1.16.1 and earlier, which allows specially crafted container images to create empty files on the host file system under the default mode of operation. This issue does not affect scenarios where Container Device Interface (CDI) is utilized. A successful exploitation could lead to data tampering, posing a medium-level risk to organizations utilizing the affected products. To remediate this vulnerability, it is recommended that users upgrade to a later version of the NVIDIA Container Toolkit that addresses this issue. The vulnerability has been assigned an exploitability score of 2.3, indicating low privileges are required for exploitation and that user interaction is necessary.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share