CVE-2024-0134

Name of the Vulnerable Software and Affected Versions NVIDIA Container Toolkit versions prior to the fixed version NVIDIA GPU Operator versions prior to the fixed version

Description The issue is related to errors in processing symbolic links, which can be exploited by a remote attacker to impact data integrity. A specially crafted container image can lead to the creation of unauthorized files on the host, although the name and location of these files cannot be controlled by the attacker. This might result in data tampering.

Recommendations For NVIDIA Container Toolkit versions prior to the fixed version, update to the latest version as outlined in the remediation guide. For NVIDIA GPU Operator versions prior to the fixed version, update to the latest version as outlined in the remediation guide. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available. Review security configurations to minimize the risk of exploitation.