Advisory No: TZCERT/SA/2024/05/02-1
Date of First Release: 2nd May 2024
Source: NVIDIA
Software Affected: NVIDIA Triton Inference Server for Linux
Overview:
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file that may result in compromise of confidentiality, integrity, and availability of the server.
Description:
Rated with a 9.0 score, this vulnerability is tracked as CVE-2024-0087. This vulnerability impacts NVIDIA’s Triton Inference server for Linux allowing attackers to execute code in the affected server. The vulnerability allows a user to set a logging location to an arbitrary file which can then be misused to infect the server.
Impact:
Successful exploitation of this vulnerability may allow an attacker to take control of the affected system.
Solution:
NVIDIA has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.
References: