Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Security Vulnerability in NVIDIA Container Toolkit #1137

Open
shwethadec01 opened this issue Jan 24, 2025 · 3 comments
Open

Security Vulnerability in NVIDIA Container Toolkit #1137

shwethadec01 opened this issue Jan 24, 2025 · 3 comments

Comments

@shwethadec01
Copy link

A security vulnerability has been identified in the below container:
nvcr.io/nvidia/k8s-device-plugin v0.17.0-ubi9

Please update the vulnerable NVIDIA Container Toolkit component ASAP to the latest patched version that resolves this vulnerability

CERT Recommendation:
Update NVIDIA Container Toolkit to version 1.17.1 or later.

Vendor Advisories:
Vulnerabilities 1 - 3 | Advisory | NVIDIA Container Toolkit - 13 January 2025CVE-2024-135

CVEs:
CVE-2024-135, CVE-2024-136, CVE-2024-137
@shwethadec01
Copy link
Author

Hi Team, please provide the updates if this issue has been acknowledged
Thanks

@elezar
Copy link
Member

elezar commented Feb 3, 2025

Please note that the vulnerabilities are not applicable to the go packages -- which the device plugin consumes.

@shwethadec01
Copy link
Author

thanks for the confirmation @elezar

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elezar @shwethadec01