Description
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None
Affected products
- NVIDIA / Container ToolkitAll versions up to and including v1.16.1 – All versions up to and including v1.16.1
- NVIDIA / GPU OperatorAll versions up to and including 24.6.1 – All versions up to and including 24.6.1