201 matches found
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 CVSS score: 9.0 is a Time-of-Check...
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks
A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk...
NVIDIA Container Toolkit 1.16.1 Breakout
NVIDIA Container Toolkit versions 1.16.1 and below contain a Time-of-check Time-of-Use TOCTOU vulnerability when used with a default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful...
NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
Exploit Title: Container Breakout with NVIDIA Container Toolkit Date: 17/02/2025 Exploit Author: r0binak Software Link Homepage: https://github.com/NVIDIA/nvidia-container-toolkit Version: 1.16.1 Tested on: NVIDIA Container Tooklit 1.16.1 CVE: CVE-2024-0132 Description: NVIDIA Container Toolkit...
Azure Linux 3.0 Security Update: nvidia-container-toolkit (CVE-2025-23359)
The version of nvidia-container-toolkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23359 advisory. - NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerabili...
CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1
CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1. An upgraded version of the package is available that resolves this issue...
Important: libnvidia-container
Issue Overview: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges,...
Important: nvidia-container-toolkit
Issue Overview: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges,...
Important: nvidia-container-toolkit
Issue Overview: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution,...
Important: libnvidia-container
Issue Overview: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A...
Important: nvidia-container-toolkit
Issue Overview: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A...
The vulnerability of software for creating and running NVIDIA Container Toolkit containers, as well as software for managing NVIDIA GPU resources, relates to synchronization errors when using shared resources. This “race condition” allows a malicious actor to execute code.
The vulnerability of the software for creating and running NVIDIA Container Toolkit containers, as well as the NVIDIA GPU Operator resource management software, is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute...
GHSA-7JM9-XPWX-V999 vulnerabilities
Vulnerabilities for packages: nvidia-container-toolkit...
GHSA-7JM9-XPWX-V999 vulnerabilities
Vulnerabilities for packages: nvidia-container-toolkit...
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
...
CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1
CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: nvidia-container-toolkit (CVE-2025-23359)
The version of nvidia-container-toolkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23359 advisory. - NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerabili...
NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain the ability to execute code within a container in order to exploit this vulnerability. The specific flaw exists within the mountfiles function. Th...
NVIDIA Container Toolkit < 1.17.4 (2025_02)
The version of NVIDIA Container Toolkit installed on the remote host is prior to 1.17.4. It is, therefore, affected by a vulnerability as referenced in the February 2025 advisory. - NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerability when used with default...
SUSE CVE-2025-23359
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service,...