Dre Cura

**Name of the Vulnerable Software and Affected Versions** NVIDIA Container Toolkit versions up to and including 1.17.3 NVIDIA GPU Operator versions up to and including 24.9.1 **Description** NVIDIA Container Toolkit and NVIDIA GPU Operator are affected by a Time-of-Check Time-of-Use (TOCTOU) vulnerability. This flaw can allow a crafted container image to gain access to the host file system, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. A bypass was discovered for a previously patched security flaw, reflagged as CVE-2025-23359. The vulnerability exists due to errors in synchronization when using a shared resource, creating a race condition. **Recommendations** NVIDIA Container Toolkit versions up to and including 1.17.3: Upgrade to a newer version to address the vulnerability. NVIDIA GPU Operator versions up to and including 24.9.1: Upgrade to a newer version to address the vulnerability.