File _patchinfo of Package patchinfo.41631
<patchinfo incident="41631">
<issue tracker="cve" id="2024-0132"/>
<issue tracker="cve" id="2025-23266"/>
<issue tracker="cve" id="2024-0136"/>
<issue tracker="cve" id="2025-23359"/>
<issue tracker="cve" id="2024-0135"/>
<issue tracker="cve" id="2024-0137"/>
<issue tracker="cve" id="2024-0133"/>
<issue tracker="cve" id="2025-23267"/>
<issue tracker="cve" id="2024-0134"/>
<issue tracker="bnc" id="1236498">VUL-0: CVE-2024-0137: nvidia-container-toolkit: nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit</issue>
<issue tracker="bnc" id="1237085">VUL-0: CVE-2025-23359: nvidia-container-toolkit: nvidia-container-toolkit: TOCTOU Vulnerability in NVIDIA Container Toolkit</issue>
<issue tracker="bnc" id="1236497">VUL-0: CVE-2024-0136: nvidia-container-toolkit: nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit</issue>
<issue tracker="bnc" id="1231033">VUL-0: CVE-2024-0132: nvidia-container-toolkit: time-of-check time-of-use (TOCTOU) race condition in default configuration via specifically crafted container image</issue>
<issue tracker="bnc" id="1246860">VUL-0: CVE-2025-23266: nvidia-container-toolkit: hook initialization might lead to escalation of privileges</issue>
<issue tracker="bnc" id="1231032">VUL-0: CVE-2024-0133: nvidia-container-toolkit: data tampering in host file system via specially crafted container image</issue>
<issue tracker="bnc" id="1246614">VUL-0: CVE-2025-23267: nvidia-container-toolkit: link following can lead to container escape</issue>
<issue tracker="bnc" id="1236496">VUL-0: CVE-2024-0135: nvidia-container-toolkit: nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit</issue>
<issue tracker="bnc" id="1232855">VUL-0: CVE-2024-0134: nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host</issue>
<packager>msmeissn</packager>
<rating>critical</rating>
<category>security</category>
<summary>Security update for nvidia-container-toolkit</summary>
<description>This update for nvidia-container-toolkit fixes the following issues:
- Update to version 1.18.0:
  - This is a major release and includes the following high-level changes:
    - The default mode of the NVIDIA Container Runtime has been updated to make use
      of a just-in-time-generated CDI specification instead of defaulting to the legacy mode.
    - Added a systemd unit to generate CDI specifications for available devices automatically. This allows
      native CDI support in container engines such as Docker and Podman to be used without additional steps.
- Security issues fixed:
  - CVE-2024-0133: Fixed data tampering in host file system via specially
    crafted container image (bsc#1231032)
  - CVE-2024-0132: Fixed time-of-check time-of-use (TOCTOU) race condition
    in default configuration via specifically crafted container image
    (bsc#1231033)
  - CVE-2024-0134: Fixed specially-crafted container image can lead to
    the creation of unauthorized files on the host (bsc#1232855)
  - CVE-2024-0135: Fixed Improper Isolation or Compartmentalization in
    NVIDIA Container Toolkit (bsc#1236496)
  - CVE-2024-0136: Fixed Improper Isolation or Compartmentalization in
    NVIDIA Container Toolkit (bsc#1236497)
  - CVE-2024-0137: Fixed Improper Isolation or Compartmentalization in
    NVIDIA Container Toolkit (bsc#1236498)
  - CVE-2025-23359: Fixed TOCTOU Vulnerability in NVIDIA Container Toolkit
    (bsc#1237085)
  - CVE-2025-23267: Fixed link following can lead to container escape
    (bsc#1246614)
  - CVE-2025-23266: Fixed hook initialization might lead to escalation
    of privileges (bsc#1246860)
</description>
</patchinfo>