SB2025112468 - SUSE update for nvidia-container-toolkit 


Published: November 24, 2025

Security Bulletin ID: SB2025112468
Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 11%, Medium: 33%, Low: 56%, Critical: 0%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2024-0132)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition. A remote user can execute arbitrary code on the system.


2) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2024-0133)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in the default mode of operation. A remote user can use a specially crafted container image to create empty files on the host file system.


3) UNIX symbolic link following (CVE-ID: CVE-2024-0134)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a symlink following issue. A remote user can use a specially crafted container image to create unauthorized files on the host, leading to data tampering.


4) Improper isolation or compartmentalization (CVE-ID: CVE-2024-0135)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper isolation or compartmentalization. A remote administrator can use a specially crafted container image and execute arbitrary code on the target system.


5) Improper isolation or compartmentalization (CVE-ID: CVE-2024-0136)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper isolation or compartmentalization. A remote administrator can use a specially crafted container image and execute arbitrary code on the target system.


6) Improper isolation or compartmentalization (CVE-ID: CVE-2024-0137)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper isolation or compartmentalization, which leads to security restrictions bypass and privilege escalation.


7) Untrusted search path (CVE-ID: CVE-2025-23266)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.


8) Link following (CVE-ID: CVE-2025-23267)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an insecure link following issue in the update-ldcache hook. A remote attacker can trick the victim into loading a specially crafted container image and perform data tampering or a denial of service.


9) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2025-23359)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition. A remote attacker can use a specially crafted container image and execute arbitrary code on the system.


Remediation

Install the update from the vendor's website.