Cyber Resilience

CVE-2024-0135

High

Published: 28 January 2025
Modified: 06 October 2025
KEV Added: not listed
Patch: see vendor advisory
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0010 (27.1th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-0135 is a high-severity Improper Isolation or Compartmentalization (CWE-653) vulnerability in the NVIDIA Container Toolkit. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). Its EPSS score ranks at the 27.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-0135 is an improper isolation vulnerability in the NVIDIA Container Toolkit. The issue arises when a specially crafted container image can lead to modification of a host binary. Successful exploitation may result in code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The vulnerability is rated with a CVSS v3.1 base score of 7.6 (AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H) and is associated with CWE-653.

An attacker requires high privileges (PR:H) on the target system and must convince a user to interact with a malicious container image (UI:R), such as loading or running it. The attack is feasible over the network (AV:N) but involves high complexity (AC:H). Exploitation changes the scope (S:C) and can achieve high impacts on confidentiality, integrity, and availability, including arbitrary code execution on the host and privilege escalation beyond the container's isolation.

NVIDIA has published a security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5599 detailing the vulnerability, which was disclosed on 2025-01-28. Practitioners should consult this advisory for patch information and mitigation guidance.

EU & UK References

Vulnerability details

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CWE(s): CWE-653 Improper Isolation or Compartmentalization

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1611 Escape to Host (Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.

T1554 Compromise Host Software Binary (Persistence)
Adversaries may modify host software binaries to establish persistent access to systems.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct container escape via host binary modification enables T1611 (Escape to Host), T1554 (Compromise Host Software Binary), and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-0136 (same product: Linux / Linux Kernel)
CVE-2025-23359 (same product: Linux / Linux Kernel)
CVE-2026-24206 (same product: Linux / Linux Kernel)
CVE-2026-24207 (same product: Linux / Linux Kernel)
CVE-2025-33230 (same product: Linux / Linux Kernel)
CVE-2025-23242 (same product: Linux / Linux Kernel)
CVE-2026-31553 (same product: Linux / Linux Kernel)
CVE-2026-23425 (same product: Linux / Linux Kernel)
CVE-2026-24217 (same product: Linux / Linux Kernel)
CVE-2026-24210 (same product: Linux / Linux Kernel)

Affected Assets

NVIDIA / NVIDIA Container Toolkit: versions ≤ 1.17.3
NVIDIA / NVIDIA GPU Operator: versions ≤ 24.9.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

prevent: SI-2 Flaw Remediation
Directly remediates the improper isolation flaw in NVIDIA Container Toolkit via timely patching, preventing exploitation by specially crafted container images.

prevent: SC-39 Process Isolation
Enforces process isolation between containers and host, directly countering the vulnerability that allows container images to modify host binaries.

detect
Monitors host software and firmware integrity to detect unauthorized modifications of host binaries resulting from container escape exploits.
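Two of the controls above translate directly into checks a defender can script: confirming that the installed NVIDIA Container Toolkit or GPU Operator falls outside the affected version range listed under Affected Assets (the patching control), and keeping a hash baseline of host binaries so that an unexpected modification is noticed (the integrity-monitoring control). The following is an added example written for this page; it is not code from NVIDIA or from the page's own tooling. The version ceilings come from the Affected Assets list; the file names and contents are constructed stand-ins written to a temporary directory, and the product keys in `AFFECTED_MAX` are labels chosen for this example rather than official package names.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Highest affected version per product, taken from this page's Affected Assets list.
# Keys are labels chosen for this example, not official package names.
AFFECTED_MAX = {
    "nvidia-container-toolkit": (1, 17, 3),
    "nvidia-gpu-operator": (24, 9, 1),
}


def parse_version(text):
    """Turn '1.17.3', 'v1.17.10' or '1.17.4-rc1' into a tuple of ints.

    Only the leading dotted numeric part is used, and it is compared numerically,
    so 1.17.10 sorts above 1.17.3 (a plain string comparison would get that wrong).
    Pre-release suffixes are ignored, so treat '-rc' builds with care.
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(product, version):
    """True when the installed version is at or below the affected ceiling."""
    ceiling = AFFECTED_MAX[product]
    found = parse_version(version)
    # Pad the shorter tuple so that '1.17' compares as '1.17.0'.
    width = max(len(found), len(ceiling))
    found += (0,) * (width - len(found))
    ceiling += (0,) * (width - len(ceiling))
    return found <= ceiling


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths):
    """Record a path -> SHA-256 map for a known-good set of host binaries."""
    return {str(p): sha256_of(p) for p in paths}


def verify_baseline(baseline):
    """Return (path, reason) pairs for every baselined file that changed or vanished."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
        elif sha256_of(path) != expected:
            findings.append((path, "modified"))
    return findings


def demo():
    """Constructed scenario: baseline two stand-in binaries, tamper with one, re-verify."""
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed stand-ins for host binaries; the names are illustrative only.
        binaries = [Path(workdir) / "runc", Path(workdir) / "nvidia-container-cli"]
        for binary in binaries:
            binary.write_bytes(b"#!/bin/sh\necho original\n")
        baseline = build_baseline(binaries)
        # Simulate an unauthorised rewrite of one host binary after the baseline was taken.
        binaries[1].write_bytes(b"#!/bin/sh\necho tampered\n")
        return verify_baseline(baseline)


if __name__ == "__main__":
    for product, version in [("nvidia-container-toolkit", "1.17.3"),
                             ("nvidia-container-toolkit", "1.17.10"),
                             ("nvidia-gpu-operator", "v24.9.1")]:
        state = "AFFECTED" if is_affected(product, version) else "not affected"
        print(f"{product} {version}: {state}")
    for path, reason in demo():
        print(f"integrity finding: {path} {reason}")
```

In a real deployment the baseline would be produced on a freshly patched host and stored somewhere a container cannot write to, and the version strings would come from the package manager or `nvidia-ctk --version` rather than literals; the point of the example is the numeric version comparison and the hash-then-compare loop, not the sample values.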

References