NVIDIA toolkit: Time-of-Check Time-of-Use (TOCTOU) race condition in NVIDIA Container Toolkit and GPU Operator (CVE-2025-23359)

Summary

CVE-2025-23359 is a Time-of-Check Time-of-Use (TOCTOU) race condition in the NVIDIA Container Toolkit for Linux. When running with default settings, a malicious container image can exploit this timing window to gain unauthorized access to the host file system. Successful exploitation may lead to code execution, privilege escalation, denial of service, information disclosure, or data tampering.

Product details

The vulnerability affects all versions of NVIDIA Container Toolkit up to and including 1.17.3, and the NVIDIA GPU Operator up to and including version 24.9.1. It is present when the toolkit is installed on Linux hosts and used to manage GPU resources inside containers. Several Linux distributions, including Fedora 40, 41, and 42, have issued updates or upgraded the toolkit to version 1.17.4 to address this issue.

Vulnerability type summary

This issue is classified as CWE-367: Time-of-Check Time-of-Use (TOCTOU) race condition. In a TOCTOU vulnerability, an attacker races the system between the moment a resource is checked for permissions and the moment it is used. If the attacker can modify the resource in between those two events, they can bypass security checks and perform unauthorized actions.

Details of the vulnerability

In default configurations, the NVIDIA Container Toolkit performs file system checks before granting containerized processes access to host directories. A crafted container image can exploit the TOCTOU window by replacing or modifying a target file or directory between the check and the use stages. This allows the container to break out of isolation and manipulate critical host files. An attacker with container image publishing capabilities or control over a container runtime can trigger arbitrary code execution, elevate privileges, disrupt services, or exfiltrate sensitive data.
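The check/use gap described above can be shown with a generic file read. This is an added example, not code from the NVIDIA Container Toolkit or its fix: the function names, file names and the `between` hook (which simulates a change landing inside the window) are all constructed for illustration.

```python
import os, stat, tempfile

def read_check_then_use(path, between=lambda: None):
    """Racy: validate the path, then resolve the same name a second time."""
    if not stat.S_ISREG(os.lstat(path).st_mode):     # time of check
        raise PermissionError("not a regular file")
    between()                      # window: the name can be re-pointed here
    with open(path, "rb") as f:    # time of use: follows whatever is there now
        return f.read()

def read_open_then_check(path, between=lambda: None):
    """Hardened: open once, then validate the descriptor that is actually used."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # ELOOP if last component is a symlink
    try:
        between()                  # re-pointing the name no longer affects fd
        st = os.fstat(fd)          # check the opened object, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario in a temp dir; all file names are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "allowed_data")
        outside = os.path.join(tmp, "outside_data")
        with open(outside, "wb") as f:
            f.write(b"OUTSIDE")

        def reset():               # restore target as a plain file
            if os.path.lexists(target):
                os.remove(target)
            with open(target, "wb") as f:
                f.write(b"inside")

        def swap():                # simulate the change landing inside the window
            os.remove(target)
            os.symlink(outside, target)

        reset(); racy = read_check_then_use(target, swap)
        reset(); safe = read_open_then_check(target, swap)
        try:                       # target is now a symlink: refused at open time
            read_open_then_check(target)
            refused = False
        except OSError:
            refused = True
        return racy, safe, refused

if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only guards the final path component; on Linux, `openat2()` with `RESOLVE_BENEATH` or `RESOLVE_NO_SYMLINKS` extends the same open-then-check approach to intermediate directories.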

Conclusion

Administrators and users of NVIDIA Container Toolkit and GPU Operator should upgrade to the fixed releases immediately. Fedora users can apply the updates provided for Fedora 40 and 41, or install version 1.17.4 as available in Fedora 42. Reviewing container security configurations and limiting untrusted image sources can further reduce the risk of exploitation. Staying current with vendor advisories and applying timely patches is the best defense against TOCTOU and other container escape vulnerabilities.

CVE database technical details

CVE ID: CVE-2025-23359

Description: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Provider: nvidia

CWE / problem types: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Affected Software Versions:
NVIDIA Container Toolkit: affected, all versions up to and including 1.17.3
NVIDIA GPU Operator: affected, all versions up to and including 24.9.1

Date Published: 2025-02-12T00:52:43.646Z

Last Updated: 2025-04-11T13:24:14.643Z