Detections
Analytics

NVIDIA Container Toolkit 1.17.1 Multiple Vulnerabilities (2025_01)

high Nessus Plugin ID 214271

Synopsis

The remote host is missing one or more security updates.

Description

The version of NVIDIA Container Toolkit installed on the remote host is prior to 1.17.1. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2025 advisory.

 - NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
 (CVE-2024-0135)

 - NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. (CVE-2024-0136)

 - NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges. (CVE-2024-0137)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to NVIDIA Container Toolkit version 1.17.1 or later.

See Also

https://nvidia.custhelp.com/app/answers/detail/a_id/5599

Plugin Details

Severity: High

ID: 214271

File Name: nvidia_container_toolkit_2025_01.nasl

Version: 1.2

Type: local

Agent: unix

Family: Misc.

Published: 1/16/2025

Updated: 1/17/2025

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2024-0135

CVSS v3

Risk Factor: High

Base Score: 7.6

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:nvidia:container_toolkit

Required KB Items: installed_sw/NVIDIA Container Toolkit

Exploit Ease: No known exploits are available

Patch Publication Date: 1/13/2025

Vulnerability Publication Date: 1/13/2025

Reference Information

CVE: CVE-2024-0135, CVE-2024-0136, CVE-2024-0137

IAVB: 2025-B-0007