Vulnerability Description
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Triton Inference Server | >= 20.10, < 24.05 |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5546Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5546Vendor Advisory
FAQ
What is CVE-2024-0095?
CVE-2024-0095 is a vulnerability with a CVSS score of 9.0 (CRITICAL). NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful e...
How severe is CVE-2024-0095?
CVE-2024-0095 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-0095?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Triton Inference Server, Linux Linux Kernel, Microsoft Windows.