Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities

Nvidia, Zoom, and Zyxel this week announced fixes for multiple high-severity vulnerabilities in their products, urging users to update devices as soon as possible.

Nvidia released patches for three security defects in Container Toolkit and GPU Operator for Linux, including two high-severity improper isolation bugs that could be exploited using crafted container images.

The first issue, tracked as CVE-2024-0135, could lead to the modification of a host binary, while the second, tracked as CVE-2024-0136, could lead to untrusted code gaining read and write access to host devices.

In both cases, successful exploitation could result in code execution, privilege escalation, denial-of-service (DoS), information disclosure, and data tampering, but the second flaw only impacts Container Toolkit deployments that are configured in a nondefault way.

Both vulnerabilities were resolved in Container Toolkit version 1.17.1 and GPU Operator version 24.9.1, which also address a medium-severity improper isolation vulnerability that could ...