{"id":"AZL-52452","summary":"CVE-2024-0134 affecting package nvidia-container-toolkit for versions less than 1.17.1-1","details":"NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.","modified":"2026-04-21T04:33:26.667082Z","published":"2024-11-05T19:15:05Z","upstream":["CVE-2024-0134"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0134"}],"affected":[{"package":{"name":"nvidia-container-toolkit","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/nvidia-container-toolkit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52452.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"}]}