NVIDIA Container Toolkit TOCTOU Vulnerability Allowing Host File System Access

Vulnerability

A Time-of-Check Time-of-Use (TOCTOU) vulnerability has been identified in the NVIDIA Container Toolkit for Linux, all versions prior to and including 1.17.3. When used with the default configuration, a crafted container image could access the host file system. Exploitation of this vulnerability could lead to code execution, denial of service, privilege escalation, information disclosure, and data tampering.

Impact

Exploitation could result in unauthorized code execution, disruption of services, elevated privileges, unauthorized information access, and unauthorized data modification.

Remediation

Users should update to NVIDIA Container Toolkit version 1.17.4 or later. For deployments that use the NVIDIA GPU Operator, the updated version is 24.9.2. Update instructions are in the NVIDIA Container Toolkit and NVIDIA GPU Operator documentation.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.