NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

🗓️ 23 Feb 2025 08:00:00Reported by MicrosoftType

TOCTOU flaw in NVIDIA Container Toolkit for Linux defaults lets containers access host files, risking code execution.

Reporter	Title	Published	Views	Family All 44
Amazon	Important: libnvidia-container	6 Mar 202500:00	–	amazon
Amazon	Important: nvidia-container-toolkit	6 Mar 202500:00	–	amazon
Information Security Automation	November Linux Patch Wednesday	21 Nov 202516:21	–	avleonov
Tenable Nessus	Azure Linux 3.0 Security Update: nvidia-container-toolkit (CVE-2025-23359)	20 Mar 202500:00	–	nessus
Tenable Nessus	Fedora 41 : golang-github-nvidia-container-toolkit (2025-0245d352e6)	7 May 202500:00	–	nessus
Tenable Nessus	Fedora 40 : golang-github-nvidia-container-toolkit (2025-c3c3774126)	7 May 202500:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: nvidia-container-toolkit (CVE-2025-23359)	22 Feb 202500:00	–	nessus
Tenable Nessus	NVIDIA Container Toolkit < 1.17.4 (2025_02)	14 Feb 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : nvidia-container-toolkit (SUSE-SU-2025:4187-1)	25 Nov 202500:00	–	nessus
CBLMariner	CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1	13 Mar 202515:10	–	cbl_mariner