CVE-2024-0136

{"id": "CVE-2024-0136", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.7}]}, "published": "2025-01-28T03:15:07.433", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5599", "tags": ["Vendor Advisory", "Mitigation"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-653"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA Container Toolkit contiene una vulnerabilidad de aislamiento inapropiado en la que una imagen de contenedor manipulado especial podr\u00eda provocar que un c\u00f3digo no confiable obtenga acceso de lectura y escritura a los dispositivos host. Esta vulnerabilidad solo est\u00e1 presente cuando NVIDIA Container Toolkit est\u00e1 configurado de una manera no predeterminada. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, la denegaci\u00f3n de servicio, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."}], "lastModified": "2025-10-06T14:07:29.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E54D22-0E59-4CE5-827F-4E9CF632E2F2", "versionEndExcluding": "1.17.3"}, {"criteria": "cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "182A2529-0B26-4CD2-A869-72296F440DDF", "versionEndExcluding": "24.9.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}