CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0137
https://notcve.org/view.php?id=CVE-2024-0137
28 Jan 2025 — NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5599 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0136
https://notcve.org/view.php?id=CVE-2024-0136
28 Jan 2025 — NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5599 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0135
https://notcve.org/view.php?id=CVE-2024-0135
28 Jan 2025 — NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5599 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0134
https://notcve.org/view.php?id=CVE-2024-0134
05 Nov 2024 — NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering. NVIDIA Container Toolkit y NVIDIA GPU Operator para Linux contienen una vulnerabilidad de UNIX en la que una imagen de contenedor especialmente manipulada puede provocar la crea... • https://nvidia.custhelp.com/app/answers/detail/a_id/5585 • CWE-61: UNIX Symbolic Link (Symlink) Following •