GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: gpu-operator, cloudnative-pg-fips, gitlab-runner, gitlab-runner-fips, verticadb-operator, k8s-driver-manager, terraform-provider-kubernetes-fips, istio-fips, rke2-runtime, datadog-agent-fips, gpu-operator-fips, kubescape, postgres-operator, headlamp-fips,...

CLEANSTART-2026-RR42740 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the gpu-operator package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...

CLEANSTART-2026-OC72960 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the gpu-operator-fips package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

CLEANSTART-2026-JM69747 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-AV56399 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-KL76732 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the gpu-operator package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

CLEANSTART-2026-TW35447 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-RL67763 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-W4GW-W5JQ-G9JH vulnerabilities

Vulnerabilities for packages: gendesk, cilium-envoy-fips, nvidia-gpu-operator-validator, backup-restore-operator, localstack, gitness, runc, k8s-device-plugin, rke2-runtime, wuzz, aws-load-balancer-controller, terraform, cilium-envoy, rke2-runtime-fips, k3s, gitlab-rails-ce,...

ROS-20251030-02

A vulnerability in the NVIDIA Virtual GPU Manager component of the NVIDIA Virtual GPU driver Virtual GPU is associated with incorrectly assigning permissions to a critical resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the NVIDIA...

ROS-20251028-11

A vulnerability in the NVIDIA Container Toolkit container creation and launch software and the NVIDIA GPU Operator resource management software is associated with synchronization errors. NVIDIA GPU Operator resource management software is associated with synchronization errors when using a shared...

ROS-20251028-10

A vulnerability in the NVIDIA Container Toolkit container creation and launch software and the NVIDIA GPU Operator resource management software is associated with synchronization errors. NVIDIA GPU Operator resource management software is associated with synchronization errors when using a shared...

GO-2025-3992 NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path in github.com/NVIDIA/gpu-operator

NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path in github.com/NVIDIA/gpu-operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

GO-2025-3998 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook in github.com/NVIDIA/gpu-operator

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook in github.com/NVIDIA/gpu-operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

The vulnerability of the `update-ldcache` function in software for creating and running NVIDIA Container Toolkit containers and NVIDIA GPU Operator resource management software allows a malicious actor to gain unauthorized access to protected information or cause service failures.

The vulnerability in the update-ldcache function of software for creating and running NVIDIA Container Toolkit containers, as well as the NVIDIA GPU Operator resource management software, arises from an improper definition of symbolic references before accessing files. Exploiting this vulnerabili...

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: azuredisk-csi, kuma, prometheus-postgres-exporter, cert-exporter, flux-kustomize-controller-fips, aws-eks-pod-identity-agent, kubernetes-csi-external-snapshotter, kubescape-operator-fips, rancher-webhook-fips, databricks-cli-fips, openfga-fips, spegel-fips, spicedb,...

The vulnerability of the enable-cuda-compat function in software for creating and running NVIDIA Container Toolkit containers and NVIDIA GPU Operator resource management software allows a malicious actor to execute arbitrary code, gain elevated privileges, unauthorizedly access and modify protected information, or cause service failures.

The vulnerability of the enable-cuda-compat function in software for creating and running NVIDIA Container Toolkit containers, as well as in software for managing NVIDIA GPU resources, is related to the use of an unreliable search path. Exploiting this vulnerability allows a remote attacker to...

Security Bulletin: NVIDIA Container Toolkit - July 2025

NVIDIA has released a software update for NVIDIA® Container Toolkit and GPU Operator. To protect your system, install the software update as described in the installation section of the NVIDIA Container Toolkit documentation and the NVIDIA GPU Operator documentation. Go to NVIDIA Product Security...

PT-2025-29902

Name of the Vulnerable Software and Affected Versions NVIDIA Container Toolkit versions up to 1.17.7 GPU Operator versions up to 25.3.0 NVIDIA Container Toolkit versions 1.17.8 and 25.3.1 are fixed. Description A critical vulnerability CVE-2025-23266, dubbed “NVIDIAScape”, exists in the NVIDIA...

The vulnerability of software for creating and running NVIDIA Container Toolkit containers, as well as software for managing NVIDIA GPU resources, relates to synchronization errors when using shared resources. This “race condition” allows a malicious actor to execute code.

The vulnerability of the software for creating and running NVIDIA Container Toolkit containers, as well as the NVIDIA GPU Operator resource management software, is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute...