Lucene search

NvidiaVULNRICHMENT:CVE-2024-0100

HistoryMay 09, 2024 - 9:51 p.m.

CVE-2024-0100 CVE

2024-05-0921:51:36

CWE-73

nvidia

github.com

nvidia

triton inference server

vulnerability

tracing api

denial of service

data tampering

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. A successful exploit of this vulnerability might lead to denial of service and data tampering.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nvidia:triton_inference_server:22.09:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "triton_inference_server",
    "versions": [
      {
        "status": "affected",
        "version": "22.09",
        "versionType": "custom",
        "lessThanOrEqual": "24.03"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5535

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-0100