CVE-2024-0133: NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
References
- advisory-inbox.githubapp.com/advisory_reviews/GHSA-wqq7-v22c-gpfp
- github.com/NVIDIA/libnvidia-container/security/advisories/GHSA-xff4-h7r9-vrpf
- github.com/NVIDIA/nvidia-container-toolkit
- github.com/NVIDIA/nvidia-container-toolkit/security/advisories/GHSA-f748-7hpg-88ch
- github.com/advisories/GHSA-f748-7hpg-88ch
- nvd.nist.gov/vuln/detail/CVE-2024-0133
- nvidia.custhelp.com/app/answers/detail/a_id/5582
Detect and mitigate CVE-2024-0133 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →