CVE-2025-23359
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NVIDIA | Container Toolkit | All versions up to and including 1.17.3 | affected |
| NVIDIA | GPU Operator | All versions up to and including 24.9.1 | affected |
Weaknesses
- CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Workarounds
This vulnerability does not impact use cases where CDI is used.
The fix for this vulnerability changes the default behavior of the NVIDIA Container Toolkit. By default the NVIDIA CUDA compatibility libraries from /usr/local/cuda/compat in the container are no longer mounted to the default library path in the container being run. This may affect certain applications that depend on this behavior.
A feature flag, allow-cuda-compat-libs-from-container was included in the NVIDIA Container Toolkit to allow users to opt-in to the previous behavior if required. Warning: Opting-in to the previous behavior will remove protection against this vulnerability and is not recommended.
To set the feature flag ensure that the NVIDIA Container Toolkit config file at /etc/nvidia-container-runtime/config.toml includes:
[features] allow-cuda-compat-libs-from-container = true
Setting the value above to false or removing the config file entry will disable the feature.
In the case of the NVIDIA GPU Operator the feature flag can be set by including the following in the NVIDIA GPU Operator helm install command:
–set "toolkit.env[0].name=NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES" –set "toolkit.env[0].value=allow-cuda-compat-libs-from-container"
For users who know that their application needs CUDA Forward Compatibility the following workaround can be used:
Setting the LD_LIBRARY_PATH environment variable to include /usr/local/cuda/compat
This may cause portability issues for some containers when running across multiple driver versions – especially when these are more recent than the compatibility libraries in the container.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.