CVE-2024-0134
NVIDIA Container Toolkit vulnerability analysis and mitigation

Overview

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a vulnerability (CVE-2024-0134) in which a specially crafted container image can lead to the creation of unauthorized files on the host. The vulnerability was discovered and reported by researchers from Wiz Research (Andres Riancho, Ronen Shustin, and Shir Tamari) and was publicly disclosed on November 5, 2024. The affected versions include NVIDIA Container Toolkit up to and including v1.16.2 and NVIDIA GPU Operator up to and including version 24.6.2 (NVIDIA Bulletin).

Technical details

The vulnerability is classified as a UNIX Symbolic Link (Symlink) Following issue (CWE-61) with a CVSS v3.1 base score of 4.1 (Medium severity). The attack vector is Network-based (AV:N) with Low attack complexity (AC:L), requiring Low privileges (PR:L) and User interaction (UI:R). The scope is Changed (S:C), with No impact on confidentiality (C:N), Low impact on integrity (I:L), and No impact on availability (A:N). The complete CVSS vector is AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N (NVIDIA Bulletin, Red Hat CVE).

Impact

Successful exploitation of this vulnerability might lead to data tampering through the creation of unauthorized files on the host system. Notably, an attacker cannot control the name and location of the files that are created, which somewhat limits the potential impact (NVIDIA Bulletin).

Mitigation and workarounds

NVIDIA has released security updates to address this vulnerability. Users should upgrade to NVIDIA Container Toolkit v1.17 or NVIDIA GPU Operator 24.9.0, or later versions. The update can be installed by following the installation section of the NVIDIA Container Toolkit documentation and the NVIDIA GPU Operator documentation (NVIDIA Bulletin).


This report was generated using AI.

Related NVIDIA Container Toolkit vulnerabilities:

CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date
--- | --- | --- | --- | --- | --- | --- | ---
CVE-2025-23266 | CRITICAL | 9 | Rocky Linux | toolbox | No | Yes | Jul 17, 2025
CVE-2025-23267 | HIGH | 8.5 | NVIDIA Container Toolkit | github.com/nvidia/gpu-operator | No | Yes | Jul 17, 2025
CVE-2025-22874 | HIGH | 7.5 | Docker | node-feature-discovery-0.17 | No | Yes | Jun 11, 2025
CVE-2025-47907 | HIGH | 7 | cAdvisor | amazon-ssm-agent | No | Yes | Aug 07, 2025
CVE-2025-4673 | MEDIUM | 6.8 | Docker | containers-common | No | Yes | Jun 11, 2025
