CVE-2024-0136: 
NVIDIA Container Toolkit vulnerability analysis and mitigation

NVIDIA Container Toolkit contains an improper isolation vulnerability (CVE-2024-0136) discovered in January 2025. The vulnerability allows a specially crafted container image to lead to untrusted code obtaining read and write access to host devices. This security flaw is only present when the NVIDIA Container Toolkit is configured in a nondefault way (NVIDIA Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 7.6 (High) with the vector string AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H. It is classified under CWE-653 (Improper Isolation or Compartmentalization). The vulnerability specifically affects NVIDIA Container Toolkit versions up to and including v1.17.2 on Linux platforms, with v1.17.3 released as the patched version (NVIDIA Bulletin).

A successful exploitation of this vulnerability can lead to multiple severe consequences including code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The vulnerability allows untrusted code to obtain read and write access to host devices, potentially compromising the entire system (NVIDIA Bulletin, Security Online).

To mitigate the vulnerability, users should ensure the NVIDIA Container Toolkit is configured in the default way. Specifically, in the /etc/nvidia-container-runtime/config.toml file, the NVIDIA Container Toolkit should be configured to use the host's ldconfig binary with the setting 'ldconfig = "@/sbin/ldconfig"'. The @ prefix indicates that the path is relative to the host's file system. Additionally, users should upgrade to NVIDIA Container Toolkit version v1.17.3 or NVIDIA GPU Operator version 24.9.1 (NVIDIA Bulletin).