CVE-2024-0135

Name of the Vulnerable Software and Affected Versions NVIDIA Container Toolkit versions are affected, but specific versions are not provided in the input data.

Description The issue is related to an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The "GET /api/v1/status/{job id}" and "POST /api/v1/search" API endpoints are mentioned, with the job id variable and Content-Type being relevant. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations Since specific affected versions of NVIDIA Container Toolkit are not provided, a general recommendation based on the available data is to apply the latest security update released by NVIDIA for its Container Toolkit and GPU Operator to address the critical vulnerabilities.