Advisory Database

GHSA-g4pj-mx9f-m2mh: Duplicate Advisory: NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system

September 26, 2024 (updated October 29, 2024)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-f748-7hpg-88ch. This link is maintained to preserve external references.

Original Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

References

  • github.com/advisories/GHSA-g4pj-mx9f-m2mh
  • nvd.nist.gov/vuln/detail/CVE-2024-0133
  • nvidia.custhelp.com/app/answers/detail/a_id/5582

Affected versions

All versions before 1.16.2

Fixed versions

  • 1.16.2

Solution

Upgrade to version 1.16.2 or above.

Impact 4.1 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Weakness

  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Source file

go/github.com/NVIDIA/nvidia-container-toolkit/GHSA-g4pj-mx9f-m2mh.yml

Page generated Wed, 14 May 2025 12:15:08 +0000.