Code Execution Vulnerability on NVIDIA Triton Inference Server for Linux (CVE-2024-0087)

Advisory No: TZCERT/SA/2024/05/02-1

Date of First Release: 2^nd May 2024

Source: NVIDIA

Software Affected: NVIDIA Triton Inference Server for Linux

Overview:

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file that may result in compromise of confidentiality, integrity, and availability of the server.

Description:

Rated with a 9.0 score, this vulnerability is tracked as CVE-2024-0087. This vulnerability impacts NVIDIA’s Triton Inference server for Linux allowing attackers to execute code in the affected server. The vulnerability allows a user to set a logging location to an arbitrary file which can then be misused to infect the server.

Impact:

Successful exploitation of this vulnerability may allow an attacker to take control of the affected system.

Solution:

NVIDIA has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://nvidia.custhelp.com/app/answers/detail/a_id/5535
2. https://vulners.com/nvidia/NVIDIA:5535