VYPR

Container Toolkit

by Nvidia

CVEs (7)

  • CVE-2024-0132Sep 26, 2024
    risk 0.03cvss epss 0.36

    NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A…

  • CVE-2025-23359Feb 12, 2025
    risk 0.00cvss epss 0.03

    NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code…

  • CVE-2024-0137Jan 28, 2025
    risk 0.00cvss epss 0.00

    NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a…

  • CVE-2024-0136Jan 28, 2025
    risk 0.00cvss epss 0.01

    NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a…

  • CVE-2024-0135Jan 28, 2025
    risk 0.00cvss epss 0.01

    NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges,…

  • CVE-2024-0134Nov 5, 2024
    risk 0.00cvss epss 0.00

    NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful…

  • CVE-2024-0133Sep 26, 2024
    risk 0.00cvss epss 0.00

    NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this…