CGA-cx6q-h2q2-52j7

Published

Last updated

https://images.chainguard.dev/security/CGA-cx6q-h2q2-52j7

Package

nvidia-gpu-operator-validator-24.3

Latest Update

Fixed

Fixed Version

24.3.0-r4

Aliases

CVE-2024-0133
GHSA-f748-7hpg-88ch

Severity

4.1

Medium

CVSS V3

Summary

NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system

Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0133
https://github.com/advisories/GHSA-f748-7hpg-88ch
https://github.com/NVIDIA/libnvidia-container/security/advisories/GHSA-xff4-h7r9-vrpf
https://github.com/NVIDIA/nvidia-container-toolkit/security/advisories/GHSA-f748-7hpg-88ch
https://advisory-inbox.githubapp.com/advisory_reviews/GHSA-wqq7-v22c-gpfp
https://github.com/NVIDIA/nvidia-container-toolkit
https://nvidia.custhelp.com/app/answers/detail/a_id/5582

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-cx6q-h2q2-52j7

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources