Description
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.
References (1)
Core 1
Core References
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5585
Scores
CVSS v3
4.1
EPSS
0.0038
EPSS Percentile
29.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-61
Status
published
Products (2)
nvidia/nvidia_container_toolkit
< 1.17
nvidia/nvidia_gpu_operator
< 24.9.0
Published
Nov 05, 2024
Tracked Since
Feb 18, 2026