CVE-2024-0132

CRITICAL

Nvidia Container Toolkit < 1.16.2 - TOCTOU Race Condition

Title source: rule

Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Exploits (3)

exploitdb WORKING POC

by r0binak · textlocallinux

https://www.exploit-db.com/exploits/52095

View Code ZIP pw:eip

nomisec WORKING POC 6 stars

by r0binak · poc

https://github.com/r0binak/CVE-2024-0132

View Code ZIP pw:eip

nomisec WORKING POC 5 stars

by ssst0n3 · poc

https://github.com/ssst0n3/poc-cve-2024-0132

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5582

Scores

CVSS v3 9.0

EPSS 0.0402

EPSS Percentile 88.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-367

Status published

Products (3)

NVIDIA/nvidia-container-toolkit 0 - 1.16.2Go

nvidia/nvidia_container_toolkit < 1.16.2

nvidia/nvidia_gpu_operator < 24.6.2

Published Sep 26, 2024

Tracked Since Feb 18, 2026