Security News > 2025 > April > Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
2025-04-10 14:13

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for


News URL

https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-0132 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system.
network
high complexity
nvidia CWE-367
8.3
8.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nvidia 235 12 178 319 15 524