NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Fixes

Solution

No solution given by the vendor.


Workaround

This vulnerability does not impact use cases where CDI is used.

The fix for this vulnerability changes the default behavior of the NVIDIA Container Toolkit. By default, the NVIDIA CUDA compatibility libraries from /usr/local/cuda/compat in the container are no longer mounted to the default library path in the container being run. This may affect certain applications that depend on this behavior. A feature flag, allow-cuda-compat-libs-from-container, was included in the NVIDIA Container Toolkit to allow users to opt in to the previous behavior if required. Warning: opting in to the previous behavior will remove protection against this vulnerability and is not recommended.

To set the feature flag, ensure that the NVIDIA Container Toolkit config file at /etc/nvidia-container-runtime/config.toml includes:

    [features]
    allow-cuda-compat-libs-from-container = true

Setting the value above to false or removing the config file entry will disable the feature.

In the case of the NVIDIA GPU Operator, the feature flag can be set by including the following in the NVIDIA GPU Operator helm install command:

    --set "toolkit.env[0].name=NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES" --set "toolkit.env[0].value=allow-cuda-compat-libs-from-container"

For users who know that their application needs CUDA Forward Compatibility, the following workaround can be used: set the LD_LIBRARY_PATH environment variable to include /usr/local/cuda/compat. This may cause portability issues for some containers when running across multiple driver versions, especially when these are more recent than the compatibility libraries in the container.
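Because the fix is only as good as the default it restores, a defender will want to verify that no host has been opted back in to the pre-fix behavior. The following audit script is an added example for this advisory, not NVIDIA's code: it reads the config.toml path and the [features] key named in the workaround above, and also checks the NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES variable that the GPU Operator helm flags set. The sample configs embedded at the bottom are constructed for illustration; the minimal TOML reader is an assumption chosen to avoid depending on tomllib.

```python
"""Audit whether the NVIDIA Container Toolkit has been opted back in to the
pre-fix behaviour (mounting /usr/local/cuda/compat from the container).

Added example for this advisory; not NVIDIA's code. It assumes the config
path and the [features] key named in the workaround text, plus the
NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES variable used by the GPU Operator.
"""
import os
import re
import sys

CONFIG_PATH = "/etc/nvidia-container-runtime/config.toml"
FEATURE = "allow-cuda-compat-libs-from-container"
OPT_IN_ENV = "NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES"

_SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
_KV_RE = re.compile(r'^\s*("?)([A-Za-z0-9_.-]+)\1\s*=\s*(.+?)\s*$')


def parse_features(config_text):
    """Return {key: value} for the [features] table of a config.toml.

    Minimal, section-aware TOML reader (an assumption of this example):
    enough for the flat boolean keys the toolkit uses. Comments after '#'
    are dropped, so it does not handle string values containing '#'.
    """
    features = {}
    section = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        if section != "features":
            continue
        m = _KV_RE.match(line)
        if m:
            features[m.group(2)] = m.group(3).strip().strip('"')
    return features


def compat_opt_in_from_config(config_text):
    """True if the config re-enables mounting CUDA compat libs from the container."""
    return parse_features(config_text).get(FEATURE, "false").lower() == "true"


def compat_opt_in_from_env(env):
    """True if the GPU Operator style env var lists the feature (comma-separated)."""
    raw = env.get(OPT_IN_ENV, "")
    return FEATURE in {item.strip() for item in raw.split(",")}


def audit(config_text, env):
    """Summarise the opt-in state; 'protected' means the fixed default is in force."""
    via_config = compat_opt_in_from_config(config_text)
    via_env = compat_opt_in_from_env(env)
    return {
        "opt_in_via_config": via_config,
        "opt_in_via_env": via_env,
        "protected": not (via_config or via_env),
    }


# Constructed sample configs for illustration, not taken from a real host.
SAFE_CONFIG = """
[nvidia-container-cli]
no-cgroups = false

[features]
allow-cuda-compat-libs-from-container = false
"""

OPTED_IN_CONFIG = """
[features]
allow-cuda-compat-libs-from-container = true  # re-enables pre-fix behaviour
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else CONFIG_PATH
    try:
        with open(path) as fh:
            text = fh.read()
    except FileNotFoundError:
        text = ""  # no config file: toolkit defaults apply, i.e. protected
    result = audit(text, os.environ)
    print(result)
    sys.exit(0 if result["protected"] else 1)
```

Run it on a host as `python3 audit_compat_optin.py` (or pass an alternative config path); a non-zero exit means the opt-in is active and the host has given up the protection the fix provides. For GPU Operator deployments, run it with the toolkit container's environment so the env-var path is checked as well.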

History

Thu, 25 Sep 2025 14:00:00 +0000

Type: First Time appeared
Values Added:
Linux
Linux linux Kernel
Nvidia nvidia Container Toolkit
Nvidia nvidia Gpu Operator

Type: CPEs
Values Added:
cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
Linux
Linux linux Kernel
Nvidia nvidia Container Toolkit
Nvidia nvidia Gpu Operator

Sat, 12 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.00129}
Values Added: epss {'score': 0.00149}


Fri, 11 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.00191}
Values Added: epss {'score': 0.00129}


Fri, 11 Apr 2025 14:15:00 +0000

Type: References

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 12 Feb 2025 16:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 12 Feb 2025 13:45:00 +0000

Type: Title
Values Added: nvidia-container-toolkit: TOCTOU Vulnerability in NVIDIA Container Toolkit

Type: References

Type: Metrics
Values Removed: threat_severity None
Values Added: threat_severity Important


Wed, 12 Feb 2025 01:00:00 +0000

Type: Description
Values Added: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Type: Weaknesses
Values Added: CWE-367

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2025-04-11T13:24:14.643Z

Reserved: 2025-01-14T01:07:26.681Z

Link: CVE-2025-23359

Vulnrichment

Updated: 2025-02-12T15:59:37.487Z

NVD

Status : Analyzed

Published: 2025-02-12T01:15:09.230

Modified: 2025-09-25T13:50:04.687

Link: CVE-2025-23359

Redhat

Severity : Important

Public Date: 2025-02-12T00:52:43Z

Links: CVE-2025-23359 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-13T11:07:13Z