Summary: Researchers have highlighted an incomplete patch for a critical security flaw in the NVIDIA Container Toolkit, which could lead to unauthorized access and operational disruptions. The vulnerability, CVE-2025-23359, remains a risk due to a long-standing Time-of-Check Time-of-Use problem that could allow attackers to escape container isolation. Additionally, a related performance flaw may result in a denial-of-service condition affecting Docker on Linux systems.
Affected: NVIDIA Container Toolkit and Docker on Linux systems
Key points:
- CVE-2024-0132 introduced a TOCTOU vulnerability that has not been fully resolved.
- Attackers with code execution capabilities in a container may exploit the vulnerability to access the host system.
- A performance flaw can lead to rapid growth of the Linux mount table, causing Docker to exhaust available file descriptors and generate DoS conditions.
- Mitigation steps include monitoring the mount table, restricting Docker API access, and conducting periodic audits of container configurations.
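The first mitigation above, watching the mount table for the runaway growth that starves dockerd of file descriptors, is simple to script. The following POSIX shell check is an added example and is not code from the article, from NVIDIA or from Docker; the threshold values, the `/var/lib/docker/overlay2` prefix and the sample mount table are assumptions chosen for illustration, and the script reads `/proc/self/mounts` unless `MOUNTS_FILE` points it at a captured copy.

```shell
#!/bin/sh
# Added example (not from the article, NVIDIA or Docker): detect runaway growth of the
# Linux mount table, the precondition for the Docker file-descriptor exhaustion described above.
# Assumed default; set MOUNTS_FILE to a captured copy to check a table offline.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/self/mounts}"

# Print the number of mount entries in FILE (one entry per line, /proc/mounts format).
# Prints -1 and fails if the file cannot be read.
mount_count() {
    [ -r "$1" ] || { echo -1; return 1; }
    wc -l < "$1" | tr -d ' '
}

# Print how many entries in FILE are mounted under PREFIX (field 2 is the mount point).
mount_count_under() {
    awk -v p="$2" 'index($2, p) == 1 { n++ } END { print n + 0 }' "$1"
}

# Print the number of open file descriptors held by process PID (e.g. dockerd's PID).
fd_count() {
    [ -d "/proc/$1/fd" ] || { echo -1; return 1; }
    ls "/proc/$1/fd" | wc -l | tr -d ' '
}

# Return 0 when FILE holds fewer than THRESHOLD entries, 1 once the threshold is reached.
# THRESHOLD is an assumed site-specific value; pick it from a baseline of a healthy host.
check_mount_table() {
    file="$1"; threshold="$2"
    n=$(mount_count "$file") || return 2
    if [ "$n" -ge "$threshold" ]; then
        echo "WARN: $n mount entries in $file (threshold $threshold)"
        return 1
    fi
    echo "OK: $n mount entries in $file"
    return 0
}

# Constructed sample table for offline runs: two normal entries followed by a burst of
# per-container overlay mounts, written in /proc/mounts format.
SAMPLE=$(mktemp)
{
    printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0'
    i=0
    while [ "$i" -lt 50 ]; do
        printf 'overlay /var/lib/docker/overlay2/%d/merged overlay rw,relatime 0 0\n' "$i"
        i=$((i + 1))
    done
} > "$SAMPLE"

# Usage: check the constructed sample, then the live table with an assumed threshold.
check_mount_table "$SAMPLE" 40
echo "overlay mounts in sample: $(mount_count_under "$SAMPLE" /var/lib/docker/overlay2)"
[ -r "$MOUNTS_FILE" ] && check_mount_table "$MOUNTS_FILE" 5000
```

Run it from cron or a monitoring agent and alert on a non-zero exit; comparing `mount_count_under` for the Docker and NVIDIA runtime mount prefixes against a recorded baseline gives earlier warning than the total alone, and `fd_count` on the dockerd PID shows whether the table growth is already consuming descriptors.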
Source: https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html