Vulnerabilites related to NVIDIA - GPU Operator
CVE-2025-23359 (GCVE-0-2025-23359)
Vulnerability from cvelistv5
Published
2025-02-12 00:52
Modified
2025-04-11 13:24
Severity ?
EPSS score ?
Summary
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | NVIDIA | Container Toolkit |
Version: All versions up to and including 1.17.3 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23359", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-11T13:20:19.602945Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-11T13:24:14.643Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "media-coverage", "exploit", ], url: "https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "Container Toolkit", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions up to and including 1.17.3", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "GPU Operator", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions up to and including 24.9.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.</span>", }, ], value: "NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.", }, ], impacts: [ { descriptions: [ { lang: "en", value: "Code execution, denial of service, escalation of privileges, information disclosure, data tampering", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T00:52:43.646Z", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5616", }, ], source: { discovery: "UNKNOWN", }, workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>This vulnerability does not impact use cases where CDI is used.</div><div><br>The fix for this vulnerability changes the default behavior of the NVIDIA Container Toolkit. By default the NVIDIA CUDA compatibility libraries from /usr/local/cuda/compat in the container are no longer mounted to the default library path in the container being run. This may affect certain applications that depend on this behavior.</div><div><br>A feature flag, allow-cuda-compat-libs-from-container was included in the NVIDIA Container Toolkit to allow users to opt-in to the previous behavior if required.<br>Warning: Opting-in to the previous behavior will remove protection against this vulnerability and is not recommended.</div><div><br>To set the feature flag ensure that the NVIDIA Container Toolkit config file at /etc/nvidia-container-runtime/config.toml includes:<br><br>[features]<br> allow-cuda-compat-libs-from-container = true</div><span style=\"background-color: rgb(255, 255, 255);\"> </span><div>Setting the value above to false or removing the config file entry will disable the feature.</div><div><br>In the case of the NVIDIA GPU Operator the feature flag can be set by including the following in the NVIDIA GPU Operator helm install command:</div><div>--set \"toolkit.env[0].name=NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES\" --set \"toolkit.env[0].value=allow-cuda-compat-libs-from-container\"</div><div> </div><div>For users who know that their application needs CUDA Forward Compatibility the following workaround can be used:</div><div><br>Setting the LD_LIBRARY_PATH environment variable to include /usr/local/cuda/compat</div><div><br>This may cause portability issues for some containers when running across multiple driver versions – especially when these are more recent than the compatibility libraries in the container.</div>\n\n<br>", }, ], value: "This vulnerability does not impact use cases where CDI is used.\n\n\nThe fix for this vulnerability changes the default behavior of the NVIDIA Container Toolkit. By default the NVIDIA CUDA compatibility libraries from /usr/local/cuda/compat in the container are no longer mounted to the default library path in the container being run. This may affect certain applications that depend on this behavior.\n\n\nA feature flag, allow-cuda-compat-libs-from-container was included in the NVIDIA Container Toolkit to allow users to opt-in to the previous behavior if required.\nWarning: Opting-in to the previous behavior will remove protection against this vulnerability and is not recommended.\n\n\nTo set the feature flag ensure that the NVIDIA Container Toolkit config file at /etc/nvidia-container-runtime/config.toml includes:\n\n[features]\n allow-cuda-compat-libs-from-container = true\n\n Setting the value above to false or removing the config file entry will disable the feature.\n\n\nIn the case of the NVIDIA GPU Operator the feature flag can be set by including the following in the NVIDIA GPU Operator helm install command:\n\n--set \"toolkit.env[0].name=NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES\" --set \"toolkit.env[0].value=allow-cuda-compat-libs-from-container\"\n\n \n\nFor users who know that their application needs CUDA Forward Compatibility the following workaround can be used:\n\n\nSetting the LD_LIBRARY_PATH environment variable to include /usr/local/cuda/compat\n\n\nThis may cause portability issues for some containers when running across multiple driver versions – especially when these are more recent than the compatibility libraries in the container.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2025-23359", datePublished: "2025-02-12T00:52:43.646Z", dateReserved: "2025-01-14T01:07:26.681Z", dateUpdated: "2025-04-11T13:24:14.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-0132 (GCVE-0-2024-0132)
Vulnerability from cvelistv5
Published
2024-09-26 05:18
Modified
2024-09-27 03:55
Severity ?
EPSS score ?
Summary
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | NVIDIA | Container Toolkit |
Version: All versions up to and including v1.16.1 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:nvidia:container_toolkit:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "container_toolkit", vendor: "nvidia", versions: [ { lessThanOrEqual: "1.16.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:nvidia:gpu_operator:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "gpu_operator", vendor: "nvidia", versions: [ { lessThanOrEqual: "24.6.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-0132", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T03:55:16.649Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "Container Toolkit", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions up to and including v1.16.1", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "GPU Operator", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions up to and including 24.6.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.</span>", }, ], value: "NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.", }, ], impacts: [ { descriptions: [ { lang: "en", value: "Code execution, denial of service, escalation of privileges, information disclosure, data tampering", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T05:18:33.211Z", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5582", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2024-0132", datePublished: "2024-09-26T05:18:33.211Z", dateReserved: "2023-12-02T00:42:43.107Z", dateUpdated: "2024-09-27T03:55:16.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-0133 (GCVE-0-2024-0133)
Vulnerability from cvelistv5
Published
2024-09-26 05:21
Modified
2024-09-26 13:30
Severity ?
EPSS score ?
Summary
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | NVIDIA | Container Toolkit |
Version: All versions up to and including v1.16.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-0133", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T13:30:24.651473Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T13:30:42.127Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "Container Toolkit", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions up to and including v1.16.1", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "GPU Operator", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions up to and including 24.6.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.</span>", }, ], value: "NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.", }, ], impacts: [ { descriptions: [ { lang: "en", value: "Data tampering", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T05:21:33.599Z", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5582", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2024-0133", datePublished: "2024-09-26T05:21:33.599Z", dateReserved: "2023-12-02T00:42:44.017Z", dateUpdated: "2024-09-26T13:30:42.127Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }