Home > Vulnerability Database > CVE-2024-0132

Mend.io Vulnerability Database

CVE-2024-0132

Good to know:

Date: September 26, 2024

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Severity Score

9.0

Related Resources (7)

Url: https://github.com/NVIDIA/nvidia-container-toolkit

Url: https://github.com/NVIDIA/gpu-operator/security/advisories/GHSA-95rf-r6p4-44h7

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-0132

Url: https://nvidia.custhelp.com/app/answers/detail/a_id/5582

Url: https://github.com/NVIDIA/nvidia-container-toolkit/security/advisories/GHSA-mjjw-553x-87pq

Url: https://github.com/NVIDIA/libnvidia-container/security/advisories/GHSA-q2v4-jw5g-9xxj

Url: https://www.mend.io/vulnerability-database/CVE-2024-0132

Severity Score

9.0

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

Top Fix

Upgrade Version

Upgrade to version github.com/NVIDIA/nvidia-container-toolkit - v1.16.2

Learn More

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-0132

Good to know:

Date: September 26, 2024

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?