CVE-2024-0137

Published: Jan 28, 2025Modified: Oct 6, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Exploitability: 2.3 / Impact: 3.7

Source: NVD

Description

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.

Affected (2)

Products: Nvidia: Nvidia Container Toolkit, Nvidia Gpu Operator

2 products

Nvidia Container Toolkit

Nvidia Gpu Operator

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nvidia Nvidia Container Toolkit	Before 1.17.3
Nvidia Nvidia Gpu Operator	Before 24.9.1

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

References (1)

https://nvidia.custhelp.com/app/answers/detail/a_id/5599

Source: psirt@nvidia.com

MitigationVendor Advisory

Timeline

No history available yet.