CVE-2025-23359
published 2025-02-12CVE-2025-23359: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_nvidia-container-toolkit_1.17.3-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_nvidia-container-toolkit_1.17.4-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_nvidia-container-toolkit_1.17.3-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nvidia-container-toolkit_1.17.4-1_on_cbl_mariner_2.0 | — | — |
| nvidia | container_toolkit | — | — |
| nvidia | gpu_operator | — | — |
| nvidia | nvidia_container_toolkit | < 1.17.4 | 1.17.4 |
| nvidia | nvidia_gpu_operator | < 24.9.2 | 24.9.2 |