CVE-2024-0134
https://notcve.org/view.php?id=CVE-2024-0134
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering. NVIDIA Container Toolkit y NVIDIA GPU Operator para Linux contienen una vulnerabilidad de UNIX en la que una imagen de contenedor especialmente manipulada puede provocar la creación de archivos no autorizados en el host. El nombre y la ubicación de los archivos no pueden ser controlados por un atacante. • https://nvidia.custhelp.com/app/answers/detail/a_id/5585 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2024-0106
https://notcve.org/view.php?id=CVE-2024-0106
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5562 • CWE-274: Improper Handling of Insufficient Privileges •
CVE-2024-0105
https://notcve.org/view.php?id=CVE-2024-0105
NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5562 • CWE-274: Improper Handling of Insufficient Privileges •
CVE-2024-0133
https://notcve.org/view.php?id=CVE-2024-0133
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5582 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2024-0132
https://notcve.org/view.php?id=CVE-2024-0132
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5582 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •