Cybersecurity researchers have detailed an incomplete patch for a previously addressed security flaw in the NVIDIA Container Toolkit that, if successfully exploited, could put hosts at risk.
The original vulnerability, CVE-2024-0132 (CVSS score: 9.0), is a time-of-check to time-of-use (TOCTOU) flaw that could lead to a container escape and allow unauthorized access to the underlying host.
Although NVIDIA fixed the flaw in September 2024, a new analysis by Trend Micro has found that the fix is incomplete and that a related performance flaw affecting Docker on Linux could lead to a denial-of-service (DoS) condition.
"These issues could allow attackers to bypass container isolation and access sensitive resources," Trend Micro noted in a new report published today.
The TOCTOU vulnerability means that a specially crafted container could be abused to access the host file system and execute arbitrary commands with root privileges. The shortcoming affects version 1.17.4 if the allow-cuda-compat-libs-from-container feature is explicitly enabled.
"The specific flaw exists within the mount_files function," Trend Micro noted. "The issue results from the lack of proper locking when performing operations on an object. An attacker can use this vulnerability to escalate privileges and execute arbitrary code in the context of the host."
However, for this privilege escalation to work, the attacker must already be able to execute code inside the container.
The flaw has been assigned the CVE identifier CVE-2025-2359 (CVSS score: 9.0), which cloud security firm Wiz previously flagged as a bypass of the fix for CVE-2024-0132 back in February 2025. It was addressed in version 1.17.4.
The cybersecurity company said it also uncovered a performance issue during its analysis of CVE-2024-0132 that could potentially lead to a DoS vulnerability on the host machine. This affects Docker instances on Linux systems.
"When a new container is created with multiple mounts configured with (bind-propagation=shared), multiple parent/child paths are created."
"This leads to rapid and uncontrolled growth of the mount table, exhausting the available file descriptors (FDs). Eventually, Docker is unable to create new containers due to FD exhaustion."
To mitigate the issue, it is recommended to monitor the Linux mount table for abnormal growth, restrict Docker API access to authorized personnel, enforce strong access control policies, and perform periodic audits of file system bindings, volume mounts, and socket connections.
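One way to implement the mount-table monitoring recommended above, as an added example that is not part of the Trend Micro report or any NVIDIA or Docker tooling: it parses the standard /proc/self/mountinfo format, counts shared-propagation entries and mount points that are stacked on top of each other, and raises alerts against a baseline. The sample mountinfo lines and the alert thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample of /proc/self/mountinfo lines (not captured from a real host).
# Format: id parent maj:min root mount_point opts [optional...] - fstype source super_opts
SAMPLE_MOUNTINFO = """\
22 1 0:21 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
45 22 0:5 / /proc rw,nosuid shared:20 - proc proc rw
301 22 0:41 / /var/lib/docker/overlay2/aaa/merged rw,relatime shared:150 - overlay overlay rw
302 22 0:41 / /var/lib/docker/overlay2/aaa/merged rw,relatime shared:151 - overlay overlay rw
303 22 0:41 / /var/lib/docker/overlay2/aaa/merged rw,relatime shared:152 - overlay overlay rw
304 301 0:42 / /var/lib/docker/overlay2/aaa/merged/data rw,relatime - ext4 /dev/sdb1 rw
"""

def parse_mountinfo(text):
    """Return one dict per mount entry: id, parent, mount point, propagation, fstype."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pre, _, post = line.partition(" - ")      # separator between the two halves
        fields = pre.split()
        propagation = "private"                   # no optional tag means private mount
        for tag in fields[6:]:                    # optional fields: shared:N, master:N, ...
            if tag.startswith(("shared:", "master:", "unbindable")):
                propagation = tag.split(":")[0]
                break
        entries.append({"id": int(fields[0]), "parent": int(fields[1]),
                        "mount_point": fields[4], "propagation": propagation,
                        "fstype": post.split()[0]})
    return entries

def mount_stats(text):
    """Summarise a mountinfo snapshot: total entries, shared entries, stacked mount points."""
    entries = parse_mountinfo(text)
    per_point = Counter(e["mount_point"] for e in entries)
    return {"total": len(entries),
            "shared": sum(e["propagation"] == "shared" for e in entries),
            "duplicated_points": {p: n for p, n in per_point.items() if n > 1}}

def check_mount_growth(stats, baseline_total, max_growth=500, max_dupes=3):
    """Return alert strings (empty list = healthy); thresholds are illustrative assumptions."""
    alerts = []
    growth = stats["total"] - baseline_total
    if growth > max_growth:
        alerts.append(f"mount table grew by {growth} entries since baseline")
    for point, n in stats["duplicated_points"].items():
        if n >= max_dupes:
            alerts.append(f"{n} stacked mounts at {point}")
    return alerts
```

On a live Linux host, feed the contents of /proc/self/mountinfo to mount_stats on a schedule and compare against a baseline recorded when Docker was idle.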