2345129 – (CVE-2025-23359) CVE-2025-23359 nvidia-container-toolkit: TOCTOU Vulnerability in NVIDIA Container Toolkit

Bug 2345129 (CVE-2025-23359) - CVE-2025-23359 nvidia-container-toolkit: TOCTOU Vulnerability in NVIDIA Container Toolkit

Summary: CVE-2025-23359 nvidia-container-toolkit: TOCTOU Vulnerability in NVIDIA Conta...

Keywords:
Status:	NEW
Alias:	CVE-2025-23359
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2345164 2345165 2345166 2345167
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-12 01:01 UTC by OSIDB Bzimport
Modified:	2025-02-12 13:55 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-12 01:01:17 UTC

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Note You need to log in before you can comment on or make changes to this bug.