CVE-2024-0116: 
Triton Inference Server vulnerability analysis and mitigation

NVIDIA Triton Inference Server has been identified with vulnerability CVE-2024-0116, discovered and disclosed in September 2024. This vulnerability affects versions v19.11 through v24.08 of the Triton Inference Server running on Linux platforms. The issue involves an out-of-bounds read vulnerability that can occur when a shared memory region is released while still in use (NVIDIA Security).

The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (Medium severity) with the vector string AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The technical nature of the vulnerability is classified as CWE-125 (Out-of-bounds Read), which occurs when a user releases a shared memory region while it is still being accessed (NVIDIA Security, Red Hat CVE).

A successful exploitation of this vulnerability can lead to denial of service (DoS) in the affected system. The vulnerability specifically impacts the availability of the service while not affecting confidentiality or integrity aspects (NVIDIA Security).

NVIDIA has released version 24.09 of the Triton Inference Server to address this vulnerability. Users are advised to upgrade to this version. Additionally, users deploying the server in production settings should follow the Secure Deployment Considerations Guide and ensure that logging and shared memory APIs are protected for use by authorized users only (NVIDIA Security).

The vulnerability was responsibly disclosed by security researcher r3pwnx, demonstrating ongoing security research and responsible disclosure practices in the field (NVIDIA Security).