GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: rke2-runtime-fips, longhorn-cli-fips, gpu-operator, k8sgpt-operator, cilium-fips, falcoctl-fips, hubble, trident, velero, sonobuoy, trident-fips, kubescape, trivy-operator, gitlab-runner, k8s-driver-manager-fips, kubernetes-dashboard-api, rke2-runtime,...

CLEANSTART-2026-RR42740 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the gpu-operator package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...

CLEANSTART-2026-OC72960 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the gpu-operator-fips package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

CLEANSTART-2026-JM69747 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-AV56399 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-KL76732 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the gpu-operator package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

CLEANSTART-2026-TW35447 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-RL67763 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1

Multiple security vulnerabilities affect the gpu-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-W4GW-W5JQ-G9JH vulnerabilities

Vulnerabilities for packages: rke2-runtime-fips, cilium-envoy, nvidia-gpu-operator-validator, gitlab-rails-ce, terraform, wuzz, gendesk, localstack, rke2-runtime, k3s, aws-load-balancer-controller, runc, backup-restore-operator, gitness, fuse-overlayfs-snapshotter, cilium-envoy-fips,...

ROS-20251030-02

A vulnerability in the NVIDIA Virtual GPU Manager component of the NVIDIA Virtual GPU driver Virtual GPU is associated with incorrectly assigning permissions to a critical resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the NVIDIA...

ROS-20251028-10

A vulnerability in the NVIDIA Container Toolkit container creation and launch software and the NVIDIA GPU Operator resource management software is associated with synchronization errors. NVIDIA GPU Operator resource management software is associated with synchronization errors when using a shared...

ROS-20251028-11

A vulnerability in the NVIDIA Container Toolkit container creation and launch software and the NVIDIA GPU Operator resource management software is associated with synchronization errors. NVIDIA GPU Operator resource management software is associated with synchronization errors when using a shared...

GO-2025-3998 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook in github.com/NVIDIA/gpu-operator

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook in github.com/NVIDIA/gpu-operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

GO-2025-3992 NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path in github.com/NVIDIA/gpu-operator

NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path in github.com/NVIDIA/gpu-operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: sqlexporter, glow, openbao-fips, gpu-operator, docker-cli-fips, buildkitd, cass-operator, spark-operator-fips, vault-csi-provider, gosu, velero, external-secrets-operator, helm-fips, authservice, kubernetes-fips, docker-credential-gcr,...

Security Bulletin: NVIDIA Container Toolkit - July 2025

NVIDIA has released a software update for NVIDIA® Container Toolkit and GPU Operator. To protect your system, install the software update as described in the installation section of the NVIDIA Container Toolkit documentation and the NVIDIA GPU Operator documentation. Go to NVIDIA Product Security...

PT-2025-29902

Name of the Vulnerable Software and Affected Versions NVIDIA Container Toolkit versions up to 1.17.7 GPU Operator versions up to 25.3.0 NVIDIA Container Toolkit versions 1.17.8 and 25.3.1 are fixed. Description A critical vulnerability CVE-2025-23266, dubbed “NVIDIAScape”, exists in the NVIDIA...

PT-2025-6424

Name of the Vulnerable Software and Affected Versions NVIDIA Container Toolkit versions up to and including 1.17.3 NVIDIA GPU Operator versions up to and including 24.9.1 Description NVIDIA Container Toolkit and NVIDIA GPU Operator are affected by a Time-of-Check Time-of-Use TOCTOU vulnerability...

CVE-2025-24882 vulnerabilities

Vulnerabilities for packages: guac...

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host.

...