Unrated severityNVD Advisory· Published Feb 12, 2025· Updated Apr 11, 2025
CVE-2025-23359
CVE-2025-23359
Description
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Affected products
18(expand)+ 1 more
- (no CPE)
- (no CPE)range: All versions up to and including 1.17.3
- osv-coords15 versionspkg:rpm/opensuse/nvidia-container-toolkit&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP6pkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP7pkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/nvidia-container-toolkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 1.18.0-150200.5.17.1+ 14 more
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- (no CPE)range: < 1.18.0-150200.5.17.1
- Range: All versions up to and including 24.9.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.