Bug 2381794 (CVE-2025-23266)

Summary: CVE-2025-23266 nvidia-container-toolkit: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: bbrownin
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in the NVIDIA Container Toolkit. This vulnerability allows execution of arbitrary code with elevated permissions via improperly secured container initialization hooks. This can potentially lead to privilege escalation, data tampering, information disclosure, and denial of service.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2381902, 2381903, 2382219, 2382220
Bug Blocks:

Description OSIDB Bzimport 2025-07-17 20:02:34 UTC
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.

Comment 3 errata-xmlrpc 2025-08-12 06:42:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:13673 https://access.redhat.com/errata/RHSA-2025:13673

Comment 4 errata-xmlrpc 2025-08-12 06:46:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:13674 https://access.redhat.com/errata/RHSA-2025:13674