Impact
NVIDIA Container Toolkit for Linux contains a time-of-check to time-of-use (TOCTOU) race condition between checking that a file exists and using that file. An attacker who wins the race can trick the container runtime into executing arbitrary code, effectively escalating privileges and modifying data within the container environment. The weakness corresponds to CWE-367.
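The weakness class named above (CWE-367), shown as an added example that is not code from NVIDIA Container Toolkit or from this advisory: a path-based check followed by a separate open, beside an open whose validation is bound to the descriptor. The function names and the temp-directory paths are hypothetical, and the swap is replayed deterministically instead of raced.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check half of a racy check-then-use: it inspects a path, not a descriptor. */
int path_is_regular(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* Hardened form: open without following a final symlink, then validate the
   object the descriptor refers to, so check and use cannot diverge. */
int open_regular_nofollow(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Replay in a private temp dir (constructed paths): the path passes the check,
   is replaced by a symlink, then opened. Bits: 1 = racy open succeeded,
   2 = hardened open after swap succeeded, 4 = hardened open before swap did. */
int replay_swap(void) {
    char dir[] = "/tmp/toctou-demo-XXXXXX", cfg[64], other[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(cfg, sizeof cfg, "%s/cfg", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    close(open(cfg, O_CREAT | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_WRONLY, 0600));
    int checked = path_is_regular(cfg);                          /* check */
    int before = open_regular_nofollow(cfg);
    if (unlink(cfg) != 0 || symlink(other, cfg) != 0) return -1; /* window */
    int racy = checked ? open(cfg, O_RDONLY | O_CLOEXEC) : -1;   /* use */
    int after = open_regular_nofollow(cfg);
    int bits = (racy >= 0) | ((after >= 0) << 1) | ((before >= 0) << 2);
    close(racy); close(after); close(before);  /* close(-1) is a harmless no-op */
    unlink(cfg); unlink(other); rmdir(dir);
    return bits;
}

int main(void) { printf("replay_swap() = %d\n", replay_swap()); return 0; }
```

`O_NOFOLLOW` only covers the final path component; where intermediate directories may also change, Linux `openat2(2)` with `RESOLVE_NO_SYMLINKS` or `RESOLVE_BENEATH` applies the same idea to every component.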
Affected Systems
NVIDIA Container Toolkit and NVIDIA GPU Operator running on Linux are affected. No specific version numbers are listed, so all current releases should be considered vulnerable until.
Risk and Exploitability
The assessed CVSS score is 8.5, indicating high severity. EPSS is not available, so the likelihood of exploitation in the wild is uncertain but potentially significant given the privilege escalation impact. The vulnerability is not yet listed in the CISA KEV catalog. Because the race condition operates within the container runtime, the likely attack vector requires the attacker to have the ability to influence container configuration or file system state, suggesting at least a local or privileged user context.