PT-2025-6424 · Nvidia+2 · Nvidia Container Toolkit+2
Andres Riancho
+4
·
Published
2025-02-11
·
Updated
2025-11-24
·
CVE-2025-23359
CVSS v3.1
8.3
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NVIDIA Container Toolkit versions up to and including 1.17.3
NVIDIA GPU Operator versions up to and including 24.9.1
Description
NVIDIA Container Toolkit and NVIDIA GPU Operator are affected by a Time-of-Check Time-of-Use (TOCTOU) vulnerability. This flaw can allow a crafted container image to gain access to the host file system, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. A bypass was discovered for a previously patched security flaw, reflagged as CVE-2025-23359. The vulnerability exists due to errors in synchronization when using a shared resource, creating a race condition.
Recommendations
NVIDIA Container Toolkit versions up to and including 1.17.3: Upgrade to a newer version to address the vulnerability.
NVIDIA GPU Operator versions up to and including 24.9.1: Upgrade to a newer version to address the vulnerability.
Exploit
Fix
DoS
LPE
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nvidia Container Toolkit
Red Os
Suse