Lucene search
+L

201 matches found

thn
thn
added 2025/04/10 2:13 p.m.18 views

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 CVSS score: 9.0 is a Time-of-Check...

9CVSS8.3AI score0.37055EPSS
Exploits3
trendmicroblog
trendmicroblog
added 2025/04/10 12:0 a.m.8 views

Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks

A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk...

9CVSS7.2AI score0.37055EPSS
Exploits2
packetstorm
packetstorm
added 2025/03/31 12:0 a.m.227 views

NVIDIA Container Toolkit 1.16.1 Breakout

NVIDIA Container Toolkit versions 1.16.1 and below contain a Time-of-check Time-of-Use TOCTOU vulnerability when used with a default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful...

9CVSS7.5AI score0.37055EPSS
Exploits2
exploitdb
exploitdb
added 2025/03/26 12:0 a.m.217 views

NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)

Exploit Title: Container Breakout with NVIDIA Container Toolkit Date: 17/02/2025 Exploit Author: r0binak Software Link Homepage: https://github.com/NVIDIA/nvidia-container-toolkit Version: 1.16.1 Tested on: NVIDIA Container Tooklit 1.16.1 CVE: CVE-2024-0132 Description: NVIDIA Container Toolkit...

9CVSS7.4AI score0.37055EPSS
Exploits2
nessus
nessus
added 2025/03/20 12:0 a.m.14 views

Azure Linux 3.0 Security Update: nvidia-container-toolkit (CVE-2025-23359)

The version of nvidia-container-toolkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23359 advisory. - NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerabili...

8.3CVSS8.6AI score0.03577EPSS
Exploits1References2
cbl_mariner
cbl_mariner
added 2025/03/13 3:10 p.m.24 views

CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1

CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1. An upgraded version of the package is available that resolves this issue...

8.3CVSS7.2AI score0.03577EPSS
Exploits1
amazon
amazon
added 2025/03/06 12:0 a.m.7 views

Important: libnvidia-container

Issue Overview: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges,...

8.4CVSS7.3AI score0.01088EPSS
Exploits0
amazon
amazon
added 2025/03/06 12:0 a.m.9 views

Important: nvidia-container-toolkit

Issue Overview: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges,...

8.4CVSS7.3AI score0.01088EPSS
Exploits0
amazon
amazon
added 2025/03/06 12:0 a.m.9 views

Important: nvidia-container-toolkit

Issue Overview: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution,...

8.3CVSS7.3AI score0.03577EPSS
Exploits1
amazon
amazon
added 2025/03/06 12:0 a.m.9 views

Important: libnvidia-container

Issue Overview: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A...

9CVSS7.4AI score0.37055EPSS
Exploits2
amazon
amazon
added 2025/03/06 12:0 a.m.10 views

Important: nvidia-container-toolkit

Issue Overview: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A...

9CVSS7.4AI score0.37055EPSS
Exploits2
bdu_fstec
bdu_fstec
added 2025/02/26 12:0 a.m.5 views

The vulnerability of software for creating and running NVIDIA Container Toolkit containers, as well as software for managing NVIDIA GPU resources, relates to synchronization errors when using shared resources. This “race condition” allows a malicious actor to execute code.

The vulnerability of the software for creating and running NVIDIA Container Toolkit containers, as well as the NVIDIA GPU Operator resource management software, is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute...

8.3CVSS8.4AI score0.03577EPSS
Exploits1References7Affected Software3
wolfi
wolfi
added 2025/02/25 3:16 p.m.6 views

GHSA-7JM9-XPWX-V999 vulnerabilities

Vulnerabilities for packages: nvidia-container-toolkit...

7.5AI score
Exploits0
cgr
cgr
added 2025/02/25 1:11 p.m.7 views

GHSA-7JM9-XPWX-V999 vulnerabilities

Vulnerabilities for packages: nvidia-container-toolkit...

7.3AI score
Exploits0
mscve
mscve
added 2025/02/23 8:0 a.m.4 views

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

...

8.3CVSS9.2AI score0.03577EPSS
Exploits1
cbl_mariner
cbl_mariner
added 2025/02/22 4:7 p.m.14 views

CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1

CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1. An upgraded version of the package is available that resolves this issue...

8.3CVSS7.2AI score0.03577EPSS
Exploits1
nessus
nessus
added 2025/02/22 12:0 a.m.14 views

CBL Mariner 2.0 Security Update: nvidia-container-toolkit (CVE-2025-23359)

The version of nvidia-container-toolkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23359 advisory. - NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerabili...

8.3CVSS8.6AI score0.03577EPSS
Exploits1References2
zdi
zdi
added 2025/02/19 12:0 a.m.8 views

NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain the ability to execute code within a container in order to exploit this vulnerability. The specific flaw exists within the mountfiles function. Th...

9CVSS7.6AI score0.03577EPSS
Exploits1References1
nessus
nessus
added 2025/02/14 12:0 a.m.18 views

NVIDIA Container Toolkit < 1.17.4 (2025_02)

The version of NVIDIA Container Toolkit installed on the remote host is prior to 1.17.4. It is, therefore, affected by a vulnerability as referenced in the February 2025 advisory. - NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerability when used with default...

8.3CVSS8.6AI score0.03577EPSS
Exploits1References2
susecve
susecve
added 2025/02/13 12:20 a.m.7 views

SUSE CVE-2025-23359

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service,...

8.3CVSS9.2AI score0.03577EPSS
Exploits1References4
Rows per page
Query Builder