NVD Vulnerability Detail

CVE-2024-0132

Summary	NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Publication Date	Sept. 26, 2024, 3:15 p.m.
Registration Date	Sept. 26, 2024, 8 p.m.
Last Update	Oct. 2, 2024, 11:45 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:nvidia:nvidia_container_toolkit::::::::					1.16.2
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:nvidia:nvidia_gpu_operator::::::::					24.6.2
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	https://nvidia.custhelp.com/app/answers/detail/a_id/5582		Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-367	Time-of-check Time-of-use (TOCTOU) 競合状態	https://cwe.mitre.org/data/definitions/367.html

JVN Vulnerability Information

NVIDIA の nvidia container toolkit および nvidia gpu operator における Time-of-check Time-of-use (TOCTOU) 競合状態の脆弱性

Title	NVIDIA の nvidia container toolkit および nvidia gpu operator における Time-of-check Time-of-use (TOCTOU) 競合状態の脆弱性
Summary	NVIDIA の nvidia container toolkit および nvidia gpu operator には、Time-of-check Time-of-use (TOCTOU) 競合状態の脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 26, 2024, midnight
Registration Date	Oct. 3, 2024, 9:50 a.m.
Last Update	Oct. 3, 2024, 9:50 a.m.

Affected System

NVIDIA

nvidia container toolkit 1.16.2 未満

nvidia gpu operator 24.6.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-0132	https://www.cve.org/CVERecord?id=CVE-2024-0132
National Vulnerability Database (NVD)
2	CVE-2024-0132	https://nvd.nist.gov/vuln/detail/CVE-2024-0132

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-367	https://cwe.mitre.org/data/definitions/367.html

その他

No	Name	URL
関連文書
1	nvidia.custhelp.com (a_id/5582)	https://nvidia.custhelp.com/app/answers/detail/a_id/5582

Change Log

No	Changed Details	Date of change
1	[2024年10月03日] 掲載	Oct. 3, 2024, 9:50 a.m.