CVE-2024-0087

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5535	Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5535	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

19 Sep 2025, 13:17

Type	Values Removed	Values Added
First Time		Linux Nvidia Nvidia triton Inference Server Linux linux Kernel
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5535 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5535 - Vendor Advisory
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:nvidia:triton_inference_server::::::::

21 Nov 2024, 08:45

Type	Values Removed	Values Added
Summary		(es) NVIDIA Triton Inference Server para Linux contiene una vulnerabilidad en la que un usuario puede configurar la ubicación de registro en un archivo arbitrario. Si este archivo existe, los registros se agregan al archivo. Una explotación exitosa de esta vulnerabilidad podría provocar la ejecución de código, denegación de servicio, escalada de privilegios, divulgación de información y manipulación de datos.
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5535 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5535 -

14 May 2024, 14:39

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 14:39

Updated : 2025-09-19 13:17

NVD link : CVE-2024-0087

Mitre link : CVE-2024-0087

CVE.ORG link : CVE-2024-0087

JSON object : View

Products Affected

linux

linux_kernel

nvidia

triton_inference_server

CWE

CWE-73

External Control of File Name or Path

{"id": "CVE-2024-0087", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T14:39:28.290", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA Triton Inference Server para Linux contiene una vulnerabilidad en la que un usuario puede configurar la ubicaci\u00f3n de registro en un archivo arbitrario. Si este archivo existe, los registros se agregan al archivo. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."}], "lastModified": "2025-09-19T13:17:26.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83AF701D-0125-4F2A-B2DC-BEC08B74F49F", "versionEndExcluding": "24.04", "versionStartIncluding": "20.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}