ГлавнаяУязвимости → CVE-2025-23359
8.3высокая

CVE-2025-23359

Описание

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Затрагиваемое ПО
Nvidia Nvidia container toolkitNvidia Nvidia gpu operatorLinux Linux kernel
CVSS
Балл8.3 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Источники
https://nvidia.custhelp.com/app/answers/detail/a_id/5616https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html