CVE-2024-0135
NVIDIA Container Toolkit vulnerability analysis and mitigation

Overview

NVIDIA Container Toolkit contains an improper isolation vulnerability (CVE-2024-0135) discovered in January 2025. The vulnerability affects all versions of NVIDIA Container Toolkit up to and including v1.17.2 and NVIDIA GPU Operator up to and including 24.9.0 on Linux platforms. A specially crafted container image could lead to modification of a host binary, potentially compromising system security (NVIDIA Bulletin, NVD).

Technical details

The vulnerability is classified as an improper isolation or compartmentalization issue (CWE-653) with a CVSS v3.1 base score of 7.6 (High). The attack vector is network-based (AV:N) with high attack complexity (AC:H); exploitation requires high privileges (PR:H) and user interaction (UI:R), and the scope is changed (S:C). Confidentiality, integrity, and availability impacts are all rated high (C:H/I:H/A:H) (NVIDIA Bulletin).

Impact

Successful exploitation of this vulnerability can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The vulnerability allows attackers to potentially modify host binaries through specially crafted container images (NVIDIA Bulletin).

Mitigation and workarounds

NVIDIA has released version v1.17.3 of the Container Toolkit and version 24.9.1 of the GPU Operator to address this vulnerability. Users are strongly advised to upgrade to these versions. The fix includes changes to prevent the execution of untrusted code and modifications to the default behavior of the NVIDIA Container Toolkit to disallow ldconfig paths that are not relative to the host's file system (NVIDIA Bulletin).
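The fixed versions above can be turned into a fleet triage check. The following is an added example, not NVIDIA's or the original page's code: the component labels, host names and sample versions are constructed, and treating a pre-release build of the fixed version as unpatched is an assumption made here.

```python
import re

# First fixed releases, as stated in the advisory text above.
FIXED = {"container-toolkit": (1, 17, 3), "gpu-operator": (24, 9, 1)}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-~+.]?(.*))?$")
_PRERELEASE = re.compile(r"(rc|alpha|beta|dev)", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    core = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4) or ""
    # "1.17.3-1" is a package revision; "1.17.3-rc.1" is a pre-release build.
    return core, bool(_PRERELEASE.search(suffix))

def is_affected(component, version):
    """True if the version predates the first fixed release for the component."""
    core, prerelease = parse_version(version)
    # Assumption: a pre-release of the fixed version is treated as unpatched.
    return core < FIXED[component] or (core == FIXED[component] and prerelease)

def triage(inventory):
    """Split (host, component, version) rows into affected, patched, unknown."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, component, version in inventory:
        try:
            bucket = "affected" if is_affected(component, version) else "patched"
        except (ValueError, KeyError):
            bucket = "unknown"  # unparseable or untracked: review by hand
        result[bucket].append(host)
    return result

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("gpu-node-01", "container-toolkit", "1.17.2-1"),
    ("gpu-node-02", "container-toolkit", "v1.17.3"),
    ("gpu-node-03", "container-toolkit", "1.17.3-rc.1"),
    ("k8s-cluster-a", "gpu-operator", "v24.9.0"),
    ("k8s-cluster-b", "gpu-operator", "24.9.1"),
    ("gpu-node-04", "container-toolkit", "unknown"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Rows that land in the unknown bucket have a version string the check could not parse or a component it does not track, so they need manual review rather than being assumed patched.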

Community reactions

The vulnerability was discovered and reported by security researchers Andres Riancho, Ronen Shustin, and Shir Tamari from Wiz Research, demonstrating active security research in container technologies (NVIDIA Bulletin).

This report was generated using AI.
