CVE-2024-0132

Scores

EPSS

0.038very_low3.8%

0%20%40%60%80%100%

Percentile: 3.8%

CVSS

8.3high3.x

0246810

CVSS Score: 8.3/10

All CVSS Scores

CVSS 3.x

8.3

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-367

Related Vulnerabilities

BDU:2024-07816

Exploits

Exploit ID: 52095

Source: exploitdb

URL: https://www.exploit-db.com/exploits/52095

Exploit ID: CVE-2024-0132

Source: github-poc

URL: https://github.com/r0binak/CVE-2024-0132

Vulnerable Software (2)

Type: Configuration

Vendor: *

Product: nvidia_container_toolkit

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*",          "versionEndExcluding": "1.16.2",          "vulnerab...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*",          "versionEndExcluding": "1.16.2",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: nvidia_gpu_operator

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*",          "versionEndExcluding": "24.6.2",          "vulnerable": ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*",          "versionEndExcluding": "24.6.2",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2024-0132

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (2)