k8s-device-plugin icon indicating copy to clipboard operation
k8s-device-plugin copied to clipboard
verified publisher icon NVIDIA

Security Vulnerability in NVIDIA Container Toolkit

Open shwethadec01 opened this issue 11 months ago • 3 comments

A security vulnerability has been identified in the below container: nvcr.io/nvidia/k8s-device-plugin v0.17.0-ubi9

Please update the vulnerable NVIDIA Container Toolkit component ASAP to the latest patched version that resolves this vulnerability

CERT Recommendation: Update NVIDIA Container Toolkit to version 1.17.1 or later.

Vendor Advisories: Vulnerabilities 1 - 3 | Advisory | NVIDIA Container Toolkit - 13 January 2025CVE-2024-135

CVEs: CVE-2024-135, CVE-2024-136, CVE-2024-137

shwethadec01 avatar Jan 24 '25 14:01 shwethadec01

Hi Team, please provide the updates if this issue has been acknowledged Thanks

shwethadec01 avatar Jan 30 '25 05:01 shwethadec01

Please note that the vulnerabilities are not applicable to the go packages -- which the device plugin consumes.

elezar avatar Feb 03 '25 12:02 elezar

thanks for the confirmation @elezar

shwethadec01 avatar Feb 06 '25 12:02 shwethadec01