Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-0132

CRITICAL
Published 2024-09-26T05:18:33.211Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-0132. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.0
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.050
probability
of exploitation in the wild

There is a 5.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.892
Higher than 89.2% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Available Exploits

No exploits available for this CVE.

Related News

CVE-2024-0132: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks

A recent report by Trend Research has uncovered that NVIDIA’s September 2024 security update for a critical vulnerability The post CVE-2024-0132: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks appeared first on Daily CyberSecurity.

SecurityOnline.info 2025-04-13 00:27
Read More
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (…

Internet 2025-04-10 14:13
Read More
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks

A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk.

Trendmicro.com 2025-04-10 00:00
Read More
CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass)

Posted by Yupeng(Roc) on Feb 14Hi, I am interested in container security. Recently, I found a bypass of CVE-2024-0132 fix. The following gives the details. Severity: Important CVSS Score: 8.3 CVSS3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected versions: -…

Seclists.org 2025-02-14 14:46
Read More

Affected Products

NVIDIA

Container Toolkit

Affected Versions:

All versions up to and including v1.16.1
NVIDIA

GPU Operator

Affected Versions:

All versions up to and including 24.6.1
nvidia

container_toolkit

Affected Versions:

0
nvidia

gpu_operator

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

GHSA-mjjw-553x-87pq

Advisory Details

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Packages

Go github.com/NVIDIA/nvidia-container-toolkit
ECOSYSTEM: ≥0 <1.16.2

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References

WEB https://github.com/NVIDIA/gpu-operator/security/advisories/GHSA-95rf-r6p4-44h7
WEB https://github.com/NVIDIA/libnvidia-container/security/advisories/GHSA-q2v4-jw5g-9xxj
WEB https://github.com/NVIDIA/nvidia-container-toolkit/security/advisories/GHSA-mjjw-553x-87pq
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-0132
PACKAGE https://github.com/NVIDIA/nvidia-container-toolkit
WEB https://nvidia.custhelp.com/app/answers/detail/a_id/5582

Advisory provided by GitHub Security Advisory Database. Published: October 29, 2024, Modified: October 29, 2024

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5582
Published: 2024-09-26T05:18:33.211Z
Last Modified: 2024-09-27T03:55:16.649Z
Copied to clipboard!