- NVIDIA confirms a new bug in the Container Toolkit and GPU Operator
- The flaw allows malicious actors to execute code remotely
- A fix is already available, so patch now
The NVIDIA Container Toolkit for Linux, a set of tools that lets developers build and run GPU-accelerated containers using Docker or other container runtimes, contains a vulnerability that allows threat actors to gain access to the host file system and, from there, execute malicious code remotely, mount denial-of-service attacks, escalate privileges, steal confidential information or tamper with the victim’s data.
The company confirmed the news in a security bulletin, noting that both the NVIDIA Container Toolkit and the NVIDIA GPU Operator (a Kubernetes-native solution that automates the deployment, management and monitoring of NVIDIA GPU resources in a Kubernetes cluster) are vulnerable to the bug, which is being tracked as CVE-2025-23359.
It was assigned a severity score of 8.3 and was said to affect all versions of the Container Toolkit up to 1.17.3 and all versions of the GPU Operator up to 24.9.1.
Patch bypass
The bugs were fixed in versions 1.17.4 and 24.9.2 respectively. It is also worth mentioning that the flaw is only present on Linux and does not affect use cases in which CDI (the Container Device Interface) is used.
Researchers at cybersecurity firm Wiz say this is actually a bypass of the patch for another vulnerability. That earlier bug is tracked as CVE-2024-0132 and has a severity score of 9.0, making it critical, since it could allow malicious actors to mount the host’s root file system into a container, granting them free access to virtually everything. That access could in turn be used to launch privileged containers and achieve a full host compromise.
NVIDIA says that problem was fixed in September 2024, and to address it, users are advised to apply the released patches and to make sure not to disable the “--no-cntlibs” flag in production environments.
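As an added example (not from NVIDIA or the article), the check below compares the version strings reported by an installed Container Toolkit or GPU Operator against the fixed releases named above (1.17.4 and 24.9.2) so an inventory of hosts can be triaged for patching. The output format of `nvidia-ctk --version` and the inventory contents are assumed and constructed here.

```python
"""Triage NVIDIA Container Toolkit / GPU Operator installs against the fixed
releases for CVE-2025-23359 (toolkit 1.17.4, GPU Operator 24.9.2).
Version text is supplied by the caller (for example the first line of
`nvidia-ctk --version`, whose exact wording is an assumption here)."""
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases from the advisory; anything older still needs the patch.
FIXED: Dict[str, Tuple[int, int, int]] = {
    "container-toolkit": (1, 17, 4),
    "gpu-operator": (24, 9, 2),
}

_VER_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract the first x.y.z triple from arbitrary tool output
    ('v24.9.1', 'NVIDIA Container Toolkit CLI version 1.17.3').
    Returns None when no version is present."""
    m = _VER_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_vulnerable(component: str, version_text: str) -> bool:
    """True when the installed version is older than the fixed release.
    Compares integer tuples, so 1.17.10 correctly ranks above 1.17.4.
    Unknown components or unparsable versions fail closed (treated as vulnerable)."""
    fixed = FIXED.get(component)
    installed = parse_version(version_text)
    if fixed is None or installed is None:
        return True
    return installed < fixed


def assess(inventory: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each host to the components that still need patching."""
    return {host: [c for c, v in comps.items() if is_vulnerable(c, v)]
            for host, comps in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "gpu-node-a": {"container-toolkit": "NVIDIA Container Toolkit CLI version 1.17.3",
                       "gpu-operator": "v24.9.1"},
        "gpu-node-b": {"container-toolkit": "NVIDIA Container Toolkit CLI version 1.17.4",
                       "gpu-operator": "v24.9.2"},
    }
    for host, pending in assess(sample).items():
        print(host, "needs patching:" if pending else "up to date", pending)
```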
Via The Hacker News