Ethical Hacking News
A recent analysis by Trend Micro has found that NVIDIA's patch for a container-escape flaw in the NVIDIA Container Toolkit is incomplete. The residual vulnerability, identified as CVE-2025-23359 (CVSS score: 9.0), could enable an attacker who already runs code inside a container to reach sensitive host resources and cause severe operational disruption.
In brief: the fix for CVE-2024-0132 in the NVIDIA Container Toolkit was incomplete. The remaining Time-of-Check Time-of-Use (TOCTOU) flaw, CVE-2025-23359, allows container escape and unauthorized access to the host, and it persists in version 1.17.4 when the opt-in feature allow-cuda-compat-libs-from-container is enabled. Separately, while analysing CVE-2024-0132, Trend Micro found a mount-table leak on Linux Docker hosts that exhausts file descriptors and leads to denial of service (DoS); that leak is a distinct issue, not CVE-2024-0132 itself.
Trend Micro's analysis shows that the incomplete patch leaves sensitive data at risk. CVE-2025-23359 is a TOCTOU race: the toolkit validates something supplied by a specially crafted container image and then acts on it, and an attacker who changes the target between the check and the use can escape container isolation and gain unauthorized access to the underlying host.
The original vulnerability, CVE-2024-0132 (CVSS score: 9.0), was addressed by NVIDIA in September 2024. Trend Micro's analysis shows that the fix was incomplete, so systems carrying the patch could still be exploited. According to Trend Micro researcher Abdelrahman Esmail, "These issues could enable attackers to escape container isolation, access sensitive host resources, and cause severe operational disruptions."
The TOCTOU vulnerability persists in version 1.17.4 of the NVIDIA Container Toolkit if the opt-in feature allow-cuda-compat-libs-from-container is explicitly enabled. In that configuration a specially crafted container can be abused to access the host file system and execute arbitrary commands with root privileges.
This is a privilege escalation rather than an initial-access vector: the attacker must already be able to execute code within a container, for example by getting the victim to run a malicious image. CVE-2025-23359 (CVSS score: 9.0) was first reported by cloud security firm Wiz in February 2025 as a bypass of the CVE-2024-0132 fix; Trend Micro's finding is that the fix shipped for that bypass is itself incomplete when the compat-libs feature is turned on.
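The two signals above (toolkit version and the opt-in flag) are what an operator needs to check. The following script is an added example, not code from Trend Micro, Wiz or NVIDIA. It assumes the toolkit config lives at /etc/nvidia-container-runtime/config.toml with the flag under a [features] table, that `nvidia-ctk --version` prints a line containing "version X.Y.Z", and that 1.17.4 is the release carrying the CVE-2025-23359 fix, as the text implies; the sample config is constructed.

```python
"""Exposure check for CVE-2025-23359 on an NVIDIA Container Toolkit host.

Added example, not code from Trend Micro, Wiz or NVIDIA. Assumptions:
  * the toolkit config file is /etc/nvidia-container-runtime/config.toml and
    the opt-in flag is a key under a [features] table;
  * `nvidia-ctk --version` prints a line containing "version X.Y.Z";
  * 1.17.4 is the release that carries the CVE-2025-23359 fix, as the text
    above implies; anything older is treated as unpatched.
"""
from __future__ import annotations

import re
import subprocess
from pathlib import Path
from typing import Optional, Tuple

CONFIG_PATH = Path("/etc/nvidia-container-runtime/config.toml")  # assumed location
FLAG = "allow-cuda-compat-libs-from-container"
FIXED_VERSION = (1, 17, 4)  # assumption: first release with the CVE-2025-23359 fix

# Constructed sample config (not a real host's file) showing the risky setting.
SAMPLE_CONFIG = """\
[nvidia-container-cli]
no-cgroups = false

[features]
# enabling this re-opens the TOCTOU path even on 1.17.4
allow-cuda-compat-libs-from-container = true
"""


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a dotted version from tool output such as
    'NVIDIA Container Toolkit CLI version 1.17.4' (output format assumed)."""
    m = re.search(r"version\s+v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def flag_enabled(config_text: str, flag: str = FLAG) -> bool:
    """Minimal TOML walk: track the current [table] header, strip comments,
    and report whether `flag = true` appears under [features] (assumed table)."""
    table = ""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            table = line.strip("[]").strip()
            continue
        key, _, value = line.partition("=")
        if table == "features" and key.strip().strip('"') == flag:
            return value.strip().lower() == "true"
    return False


def assess(version: Optional[Tuple[int, ...]], compat_flag: bool) -> str:
    """Combine both signals; an unknown version fails closed as exposed."""
    if version is None or version < FIXED_VERSION:
        return "VULNERABLE: toolkit older than 1.17.4, CVE-2025-23359 unpatched"
    if compat_flag:
        return f"VULNERABLE: {FLAG} is enabled, TOCTOU reachable despite the patch"
    return "OK: patched and the opt-in flag is disabled"


def audit_host() -> str:
    """Run the check against the live host; falls back to the sample config."""
    try:
        out = subprocess.run(["nvidia-ctk", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        out = ""  # tool absent: parse_version returns None and assess fails closed
    cfg = CONFIG_PATH.read_text() if CONFIG_PATH.exists() else SAMPLE_CONFIG
    return assess(parse_version(out), flag_enabled(cfg))


if __name__ == "__main__":
    print(audit_host())
```

The version check fails closed on purpose: if the tool is missing or prints an unexpected format, the host is reported as exposed rather than silently passing.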
Separately, while analysing CVE-2024-0132, Trend Micro found a resource-exhaustion bug that can lead to a denial-of-service (DoS) condition on the host machine. It affects Docker instances on Linux systems.
According to Esmail, "When a new container is created with multiple mounts configured using (bind-propagation=shared), multiple parent/child paths are established. However, the associated entries are not removed in the Linux mount table after container termination." Each container start therefore adds entries that are never reclaimed: the mount table grows rapidly and without bound, available file descriptors (fds) are exhausted, and eventually Docker can no longer create new containers.
Trend Micro advised several measures to mitigate the issue: monitor the Linux mount table for abnormal growth, limit Docker API access to authorized personnel, enforce strong access control policies, and periodically audit container-to-host filesystem bindings, volume mounts, and socket connections. None of these removes the leak itself; they limit who can trigger it and make the growth visible before containers start failing.
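The first mitigation, watching the mount table, can be turned into a concrete check. The script below is an added example and not Trend Micro's tooling: it parses /proc/self/mountinfo (the documented kernel format, in which a "shared:N" optional field marks shared propagation), alerts on growth against a recorded baseline, and lists shared mounts that sit under an overlay2 rootfs whose container is no longer running, which is exactly the residue the text describes. It assumes Docker's overlay2 layout /var/lib/docker/overlay2/<id>/merged and a caller-supplied set of live overlay ids (on a real host, from `docker inspect --format '{{.GraphDriver.Data.MergedDir}}'`); the mountinfo lines are constructed.

```python
"""Detect runaway and leaked shared-propagation mounts on a Docker host.

Added example, not Trend Micro's tooling. Two checks on /proc/self/mountinfo:
  1. growth of the whole table against a baseline count;
  2. shared mounts under an overlay2 rootfs with no running container.
Assumptions: overlay2 layout /var/lib/docker/overlay2/<id>/merged, and a
caller-supplied set of live overlay ids (e.g. from docker inspect's
GraphDriver.Data.MergedDir).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List, Optional, Set

MOUNTINFO = Path("/proc/self/mountinfo")
OVERLAY_RE = re.compile(r"^/var/lib/docker/overlay2/([0-9a-f]+)/merged(?:/|$)")  # assumed layout

# Constructed sample (not captured from a real host): overlay aaaa1111 belongs to
# a running container; bbbb2222's container has exited but its shared mounts remain.
SAMPLE_MOUNTINFO = """\
25 1 0:23 / /sys rw,nosuid,nodev,noexec - sysfs sysfs rw
400 25 8:1 /data/a /var/lib/docker/overlay2/aaaa1111/merged/mnt/a rw shared:77 - ext4 /dev/sda1 rw
401 25 8:1 /data/b /var/lib/docker/overlay2/aaaa1111/merged/mnt/b rw shared:78 - ext4 /dev/sda1 rw
402 25 8:1 /data/a /var/lib/docker/overlay2/bbbb2222/merged/mnt/a rw shared:79 - ext4 /dev/sda1 rw
403 25 8:1 /data/b /var/lib/docker/overlay2/bbbb2222/merged/mnt/b rw shared:80 - ext4 /dev/sda1 rw
404 25 8:1 /data/c /var/lib/docker/overlay2/bbbb2222/merged/mnt/c rw shared:81 - ext4 /dev/sda1 rw
"""


@dataclass
class Mount:
    mount_id: int
    mount_point: str
    peer_group: Optional[str]  # "shared:N" when propagation is shared, else None


def parse_mountinfo(text: str) -> List[Mount]:
    """Fields before ' - ' are: id parent maj:min root mountpoint opts [optional...]."""
    mounts: List[Mount] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, _, _right = line.partition(" - ")
        f = left.split()
        shared = [x for x in f[6:] if x.startswith("shared:")]
        mounts.append(Mount(int(f[0]), f[4], shared[0] if shared else None))
    return mounts


def leaked_shared_mounts(mounts: Iterable[Mount], live_overlay_ids: Set[str]) -> List[Mount]:
    """Shared mounts under an overlay2 rootfs with no running container: the
    entries the text describes as not removed after container termination."""
    leaked: List[Mount] = []
    for m in mounts:
        if m.peer_group is None:
            continue
        hit = OVERLAY_RE.match(m.mount_point)
        if hit and hit.group(1) not in live_overlay_ids:
            leaked.append(m)
    return leaked


def growth_alert(baseline: int, current: int, max_growth: int = 500) -> bool:
    """Crude rate check: alert when the table grew by more than max_growth
    entries since the baseline was recorded (tune the threshold per host)."""
    return current - baseline > max_growth


if __name__ == "__main__":
    text = MOUNTINFO.read_text() if MOUNTINFO.exists() else SAMPLE_MOUNTINFO
    mounts = parse_mountinfo(text)
    print(f"{len(mounts)} mounts, {sum(m.peer_group is not None for m in mounts)} shared")
    # Leak check is shown against the constructed sample; on a real host pass the
    # overlay ids of running containers instead of this hard-coded set.
    for m in leaked_shared_mounts(parse_mountinfo(SAMPLE_MOUNTINFO), {"aaaa1111"}):
        print(f"leaked shared mount {m.mount_id}: {m.mount_point} ({m.peer_group})")
```

Record the baseline count right after a daemon restart, when the table is known-clean, and run the leak check from a cron job or node agent; a non-empty result after every container exit is the signature of the leak described above.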
The finding is a reminder that a vendor patch does not close an issue until the fix has been verified against the original bug class: CVE-2025-23359 was itself a bypass of the CVE-2024-0132 fix, and its own fix leaves a configuration-dependent gap. The same applies to incidental bugs such as the mount-table leak, which surfaced only because the earlier patch was re-examined rather than taken on trust.
In conclusion, the incomplete patch in the NVIDIA Container Toolkit leaves sensitive data at risk through a persistent TOCTOU vulnerability. Operators should confirm which toolkit version they run, leave allow-cuda-compat-libs-from-container disabled unless it is genuinely needed, treat containers built from untrusted images as hostile given that code execution in a container is the only precondition, and monitor the host mount table for the abnormal growth that precedes file-descriptor exhaustion.
Related Information:
https://www.ethicalhackingnews.com/articles/Incomplete-Patch-Leaves-NVIDIA-Container-Toolkit-Vulnerable-to-Container-Escapes-ehn.shtml
https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html
https://www.trendmicro.com/en_us/research/25/d/incomplete-nvidia-patch.html
https://nvd.nist.gov/vuln/detail/CVE-2024-0132
https://www.cvedetails.com/cve/CVE-2024-0132/
https://nvd.nist.gov/vuln/detail/CVE-2025-23359
https://www.cvedetails.com/cve/CVE-2025-23359/
Published: Thu Apr 10 10:28:32 2025 by llama3.2 3B Q4_K_M