CVE-2024-0133: 
Wolfi vulnerability analysis and mitigation

NVIDIA Container Toolkit version 1.16.1 and earlier contains a vulnerability (CVE-2024-0133) in its default mode of operation. This vulnerability allows specially crafted container images to create empty files on the host file system. The vulnerability was disclosed in September 2024 and affects all versions of NVIDIA Container Toolkit up to and including v1.16.1 on Linux systems. Notably, this vulnerability does not impact use cases where Container Device Interface (CDI) is used (NVIDIA Bulletin).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) issue (CWE-367) with a CVSS v3.1 base score of 4.1, indicating medium severity. The CVSS vector for this vulnerability is AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N, which indicates network attack vector, low attack complexity, low privileges required, user interaction required, changed scope, and low impact on integrity (NVIDIA Bulletin).

A successful exploitation of this vulnerability may lead to data tampering through the creation of empty files on the host file system. The vulnerability specifically affects organizations using GPU-accelerated containers in their infrastructure when not using CDI (Security Online).

NVIDIA has released version 1.16.2 of the Container Toolkit to address this vulnerability. Additionally, for users of the NVIDIA GPU Operator, version 24.6.2 has been released as a fix. Organizations are strongly encouraged to update to these latest versions to mitigate the vulnerability. Alternatively, using Container Device Interface (CDI) prevents this vulnerability from being exploited (NVIDIA Bulletin).

Red Hat has assessed this vulnerability as having Important severity rather than Critical, noting that it does not affect Red Hat products due to their use of CDI and signed containers. They also emphasize that exploitation would require an environment that permits untrusted containers, which is not typical for their customers (Red Hat Portal).