
CVE-2024-0136

High

Published: 28 January 2025
Modified: 06 October 2025
KEV Added: (not listed)
CVSS v3.1 base score: 7.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)
EPSS score: 0.0010 (27.1st percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-0136 is a high-severity Improper Isolation or Compartmentalization (CWE-653) vulnerability in the NVIDIA Container Toolkit. Its CVSS v3.1 base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). EPSS ranks it at the 27.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-39 (Process Isolation).

Deeper analysis

CVE-2024-0136 is an improper isolation vulnerability in the NVIDIA Container Toolkit, where a specially crafted container image can enable untrusted code to obtain read and write access to host devices. This issue affects the NVIDIA Container Toolkit only when configured in a nondefault manner. Classified under CWE-653, it carries a CVSS v3.1 base score of 7.6 (AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H) and was published on 2025-01-28.

In CVSS terms the crafted image is delivered over the network (AV:N), but exploitation also needs high privileges (PR:H), high attack complexity (AC:H) and an action by a user (UI:R): in practice, an attacker has to get a privileged operator to run the malicious image on a host that carries the nondefault configuration. Those preconditions are why a vulnerability with full confidentiality, integrity and availability impact (C:H/I:H/A:H) scores 7.6 rather than higher. Scope is changed (S:C) because the damage lands on the host, not on the vulnerable component itself (the container runtime): a successful exploit can yield code execution, denial of service, privilege escalation, information disclosure and data tampering on the host system.

The official NVIDIA security bulletin provides details on mitigation, available at https://nvidia.custhelp.com/app/answers/detail/a_id/5599. Practitioners should review it for patching instructions and for the configuration guidance that covers the nondefault setups affected, and should compare the installed toolkit and GPU Operator versions against the affected ranges listed under Affected Assets before deciding a host is clean.


Vulnerability details

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CWE(s)

CWE-653 Improper Isolation or Compartmentalization

Related Threats

MITRE ATT&CK Enterprise Techniques

T1611 Escape to Host Privilege Escalation
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
Why these techniques?

Direct container escape via crafted image exploiting isolation flaw in NVIDIA Container Toolkit.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-0135
CVE-2025-23359
CVE-2026-24217
CVE-2026-24210
CVE-2026-24206
CVE-2026-24207
CVE-2025-33225
CVE-2026-24208
CVE-2026-24212
CVE-2026-24162

Affected Assets

NVIDIA Container Toolkit: versions ≤ 1.17.3
NVIDIA GPU Operator: versions ≤ 24.9.1
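A quick way to test a host against those ranges, as an added example that is not part of this page or of NVIDIA's tooling. It assumes that `nvidia-ctk --version` prints a line containing `version <x.y.z>` (the sample output embedded below is constructed so the script runs offline), and it takes the GPU Operator version from the caller, for instance from the Helm release, because that version is not visible from the node itself.

```python
"""Check installed versions against the affected ranges for CVE-2024-0136.

Added example (not from the page or NVIDIA). Assumes `nvidia-ctk --version`
prints a line containing "version <x.y.z>"; the sample output below is
constructed for offline use.
"""
import re
import subprocess

# Upper bounds of the affected ranges as listed on this page.
AFFECTED_MAX = {
    "nvidia-container-toolkit": "1.17.3",
    "gpu-operator": "24.9.1",
}

# Constructed sample of what `nvidia-ctk --version` is assumed to print.
SAMPLE_CTK_OUTPUT = """NVIDIA Container Toolkit CLI version 1.17.3
commit: 0000000
"""

# A version needs at least two dotted numeric components, so a digit inside a
# package name ("libnvidia-container1") is skipped; a packaging suffix such as
# "-1", "~rc1" or "+build" is ignored because the match stops at the first
# character that is not a digit or a dot.
VERSION_RE = re.compile(r"v?(\d+(?:\.\d+)+)")


def parse_version(text):
    """Return the numeric components of the first version found in text."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def version_le(a, b):
    """Compare component-wise, padding the shorter tuple with zeros (1.17 == 1.17.0)."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))


def is_affected(component, version_text):
    """True when the version found in version_text falls inside the affected range."""
    return version_le(parse_version(version_text), parse_version(AFFECTED_MAX[component]))


def check_host(ctk_output, operator_version=None):
    """Summarise affected status; operator_version is None when no GPU Operator is in use."""
    result = {"nvidia-container-toolkit": is_affected("nvidia-container-toolkit", ctk_output)}
    if operator_version is not None:
        result["gpu-operator"] = is_affected("gpu-operator", operator_version)
    return result


def read_ctk_version():
    """Run the real CLI when present; fall back to the constructed sample otherwise."""
    try:
        proc = subprocess.run(["nvidia-ctk", "--version"],
                              capture_output=True, text=True, check=False)
        return proc.stdout or SAMPLE_CTK_OUTPUT
    except FileNotFoundError:
        return SAMPLE_CTK_OUTPUT


if __name__ == "__main__":
    for component, affected in check_host(read_ctk_version()).items():
        print(f"{component}: {'AFFECTED, upgrade' if affected else 'not in affected range'}")
```

A version inside the range only means the code is present; whether the host is exploitable still depends on the nondefault configuration the bulletin describes, so treat the check as a triage filter and consult the NVIDIA bulletin for the configuration side.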

Mitigating Controls (NIST 800-53 r5)

CM-6 Configuration Settings (prevent): Establishes secure configuration settings for the NVIDIA Container Toolkit to avoid the vulnerable nondefault configurations that enable improper isolation and host device access.

SI-2 Flaw Remediation (prevent): Requires timely remediation of flaws in the NVIDIA Container Toolkit, directly addressing the improper isolation vulnerability via vendor patches.

SC-39 Process Isolation (prevent): Enforces process isolation to prevent specially crafted container images from breaking separation and gaining unauthorized read/write access to host devices.

References

NVIDIA security bulletin: https://nvidia.custhelp.com/app/answers/detail/a_id/5599