CVE-2024-0136

High

Published: 28 January 2025

Published

28 January 2025

Modified

06 October 2025

KEV Added

—

Patch

—

CVSS Score 7.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0010 27.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-0136 is a high-severity Improper Isolation or Compartmentalization (CWE-653) vulnerability in Nvidia Nvidia Container Toolkit. Its CVSS base score is 7.6 (High).

Operationally, ranked at the 27.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-39 (Process Isolation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

CM-6 Configuration Settings good match

prevent

Establishes secure configuration settings for the NVIDIA Container Toolkit to avoid vulnerable non-default configurations that enable improper isolation and host device access.

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of flaws in the NVIDIA Container Toolkit, directly addressing the improper isolation vulnerability via vendor patches.

SC-39 Process Isolation good match

prevent

Enforces process isolation to prevent specially crafted container images from breaking separation and gaining unauthorized read/write access to host devices.

NVD Description

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in…

a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Deeper analysisAI

CVE-2024-0136 is an improper isolation vulnerability in the NVIDIA Container Toolkit, where a specially crafted container image can enable untrusted code to obtain read and write access to host devices. This issue affects the NVIDIA Container Toolkit only when configured in a nondefault manner. Classified under CWE-653, it carries a CVSS v3.1 base score of 7.6 (AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H) and was published on 2025-01-28.

Exploitation requires an attacker with high privileges (PR:H) to deliver a malicious container image over the network (AV:N), involving high attack complexity (AC:H) and user interaction (UI:R). Successful attacks can result in arbitrary code execution, denial of service, privilege escalation, information disclosure, and data tampering on the host system, with significant impact across confidentiality, integrity, and availability in a scoped manner (S:C).

The official NVIDIA security bulletin provides details on mitigation, available at https://nvidia.custhelp.com/app/answers/detail/a_id/5599. Security practitioners should review this advisory for patching instructions and configuration guidance to address the nondefault setups affected by this vulnerability.

Details

CWE(s): CWE-653

Affected Products

nvidia

nvidia container toolkit

≤ 1.17.3

nvidia

nvidia gpu operator

≤ 24.9.1

CVEs Like This One

CVE-2024-0135Same product: Linux Linux Kernel

CVE-2025-23359Same product: Linux Linux Kernel

CVE-2025-23243Same product: Linux Linux Kernel

CVE-2025-33230Same product: Linux Linux Kernel

CVE-2025-23242Same product: Linux Linux Kernel

CVE-2025-33206Same product: Linux Linux Kernel

CVE-2026-23440Same product: Linux Linux Kernel

CVE-2026-31694Same product: Linux Linux Kernel

CVE-2026-31641Same product: Linux Linux Kernel

CVE-2026-31698Same product: Linux Linux Kernel

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5599
Mitigation, Vendor Advisory · psirt@nvidia.com