Cybersecurity researchers have detailed a case of an incomplete patch for a beforehand addressed safety flaw impacting the NVIDIA Container Toolkit that, if efficiently exploited, might put delicate information in danger.
The unique vulnerability CVE-2024-0132 (CVSS rating: 9.0) is a Time-of-Test Time-of-Use (TOCTOU) vulnerability that would result in a container escape assault and permit for unauthorized entry to the underlying host.
Whereas this flaw was resolved by NVIDIA in September 2024, a brand new evaluation by Pattern Micro has revealed the repair to be incomplete and that there additionally exists a associated efficiency flaw affecting Docker on Linux that would end in a denial-of-service (DoS) situation.
“These points might allow attackers to flee container isolation, entry delicate host sources, and trigger extreme operational disruptions,” Pattern Micro researcher Abdelrahman Esmail stated in a brand new report revealed right this moment.
The truth that the TOCTOU vulnerability persists implies that a specifically crafted container could possibly be abused to entry the host file system and execute arbitrary instructions with root privileges. The flaw impacts model 1.17.4 if the function allow-cuda-compat-libs-from-container is explicitly enabled.
“The precise flaw exists throughout the mount_files perform,” Pattern Micro stated. “The difficulty outcomes from the shortage of correct locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code within the context of the host.”
Nonetheless, for this privilege escalation to work, the attacker should have already obtained the power to execute code inside a container.
The shortcoming has been assigned the CVE identifier CVE-2025-23359 (CVSS rating: 9.0), which was beforehand flagged by cloud safety agency Wiz as additionally a bypass for CVE-2024-0132 again in February 2025. It has been addressed in model 1.17.4.
The cybersecurity firm stated it additionally found a efficiency concern in the course of the evaluation of the CVE-2024-0132 that would doubtlessly result in a DoS vulnerability on the host machine. It impacts Docker situations on Linux methods.
“When a brand new container is created with a number of mounts configured utilizing (bind-propagation=shared), a number of mum or dad/little one paths are established. Nonetheless, the related entries aren’t eliminated within the Linux mount desk after container termination,” Esmail stated.
“This results in a speedy and uncontrollable development of the mount desk, exhausting accessible file descriptors (fd). Finally, Docker is unable to create new containers on account of fd exhaustion. This excessively giant mount desk results in an enormous efficiency concern, stopping customers from connecting to the host (i.e., by way of SSH).”
To mitigate the difficulty, it is suggested to watch the Linux mount desk for irregular development, restrict Docker API entry to licensed personnel, implement sturdy entry management insurance policies, and conduct periodic audits of container-to-host filesystem bindings, quantity mounts, and socket connections.
