Primary

Context

NVIDIA Container Toolkit Update-Ldcache Hook Vulnerability Allowing Data Tampering and Denial-of-Service

Vulnerability

A vulnerability exists in the NVIDIA Container Toolkit's update-ldcache hook, where an attacker could manipulate link following by using a specially crafted container image. This exploitation could result in data tampering and a denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to unauthorized data modifications and cause a denial-of-service condition.

Remediation

Users can update to NVIDIA Container Toolkit version 1.17.8. Instructions for updating can be found in the NVIDIA Container Toolkit installation guide. For those using the NVIDIA GPU Operator, version 25.3.1 includes this update. If using a GPU Operator version prior to 25.3.1, NVIDIA Container Toolkit 1.17.8 can be deployed by specifying the version during the installation or upgrade process.

Added: Jul 17, 2025, 8:42 PM

Updated: Jul 17, 2025, 9:53 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Container Toolkit Update-Ldcache Hook Vulnerability Allowing Data Tampering and Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating