← back
CVE-2024-0132

CVE-2024-0132

CVSS 9 CRITICALEPSS 36.5%CWE-367
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
NVIDIA · Container ToolkitNVIDIA · GPU Operator
public PoCs found3
githubgithub.com/r0binak/CVE-2024-01326githubgithub.com/ssst0n3/poc-cve-2024-01325exploitdbwww.exploit-db.com/exploits/52095unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5582