
exploitDog

CVE-2024-0132

Published: 26 Sep 2024
Source: redhat
CVSS3: 8.3
EPSS: Low

Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

A flaw was found in the NVIDIA Container Toolkit. Affected versions contain a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with the default configuration, where a specifically crafted container image may gain access to the host file system. This issue does not impact use cases where CDI is used. The original fix for the vulnerability shipped by upstream was incomplete. The fix has been continued on CVE-2025-23359. The Container Device Interface (CDI) provides a standardized way to expose hardware devices like GPUs to containers, enabling more secure and predictable deployments. By clearly separating device access from the underlying container runtime, CDI helps contain the impact of bugs or vulnerabilities in device drivers. This isolation extends across container layers, so even if another container is built on top of one that implements CDI, hardware access remains controlled and protected, preserving security in derivative workloads. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Report

No Red Hat containers are vulnerable because they all implement CDI. Due to specific prerequisites, this vulnerability in the NVIDIA Container Toolkit does not affect Red Hat Products and is rated as Important severity rather than Critical. First, a specifically crafted container image is required for effective exploitation. Red Hat signs all containers to ensure their authenticity, integrity and security. If such a container is used either on its own or as a lower layer, this bug can not be exploited. Additionally, this vulnerability is not zero touch, and needs active user interaction to work, further reducing the likelihood of an attack. Most importantly, this vulnerability does not impact use cases that comply with our operating procedures by utilizing the Container Device Interface (CDI). Furthermore, for an attacker to deploy a crafted container image, they would need an environment that permits untrusted containers, which is a scenario that is not typical for Red Hat customers.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-nvidia-rhel9 | Not affected | | |

Additional information

Status: Important
Defect: CWE-367
https://bugzilla.redhat.com/show_bug.cgi?id=2314824 - nvidia-container-toolkit: Time-of-check Time-of-use (TOCTOU) Race Condition in NVIDIA Container toolkit

EPSS: 0.02917 (Low)
Percentile: 86%

CVSS3: 8.3 High

Related vulnerabilities

CVSS3: 9
nvd
about 1 year ago

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS3: 8.3
msrc
about 1 year ago

NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use Vulnerability

CVSS3: 9
github
about 1 year ago

NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

CVSS3: 9
fstec
about 1 year ago

Vulnerability in the NVIDIA Container Toolkit software for building and running containers and in the NVIDIA GPU Operator software tool for managing resources, allowing an attacker to escalate privileges or execute arbitrary code

suse-cvrf
about 1 year ago

Security update for govulncheck-vulndb
