8.3 CVE-2024-0132

 

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
https://nvd.nist.gov/vuln/detail/CVE-2024-0132

Categories

CWE-367 : Time-of-check Time-of-use (TOCTOU) Race Condition
This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.

References


 

CPE

cpe start end
Configuration 1
AND
   cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:* < 1.16.2
  Running on/with
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Configuration 2
AND
   cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:* < 24.6.2
  Running on/with
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
27 Leveraging Race Conditions via Symbolic Links
High
29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
High