NVIDIA Container Toolkit Patch Flaw Exposes Systems to Attacks

Cybersecurity researchers have found that a patch for a previous security issue wasn't quite complete. This means your sensitive data could still be at risk if someone manages to exploit the remaining vulnerability.

The original problem, tracked as CVE-2024-0132, was a pretty serious "Time-of-Check Time-of-Use" (TOCTOU) vulnerability. Think of it like this: an attacker could potentially break out of a container and gain unauthorized access to the main system.

NVIDIA released a fix back in September 2024, but Trend Micro's latest analysis shows it didn't fully address the issue. Worse, they've also uncovered a related performance problem with Docker on Linux, which could lead to a denial-of-service (DoS) situation – basically, crashing the system.

"These issues could enable attackers to escape container isolation, access sensitive host resources, and cause severe operational disruptions," explains Trend Micro researcher Abdelrahman Esmail in their new report.

The problem is that the TOCTOU vulnerability is still hanging around. A carefully crafted container could still be used to access the host's file system and run commands with root privileges. This affects version 1.17.4 if you've explicitly enabled the allow-cuda-compat-libs-from-container feature.

Trend Micro pinpoints the exact location of the flaw: "The specific flaw exists within the mount_files function," they noted. "The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host."

Keep in mind that to exploit this privilege escalation, an attacker would first need to find a way to run code inside a container.

This lingering issue has been assigned CVE-2025-23359. Cloud security firm Wiz actually flagged it as a bypass for CVE-2024-0132 way back in February 2025. The good news is NVIDIA says it's addressed in version 1.17.4.

During their analysis of CVE-2024-0132, Trend Micro also stumbled upon a performance issue that could cause a DoS vulnerability on the host machine, specifically affecting Docker instances on Linux systems.

"When a new container is created with multiple mounts configured using (bind-propagation=shared), multiple parent/child paths are established. However, the associated entries are not removed in the Linux mount table after container termination," Esmail explained.

The result? "This leads to a rapid and uncontrollable growth of the mount table, exhausting available file descriptors (fd). Eventually, Docker is unable to create new containers due to fd exhaustion. This excessively large mount table leads to a huge performance issue, preventing users from connecting to the host (i.e., via SSH)."

So, what can you do to protect yourself? Here's some advice:

• Keep an eye on your Linux mount table for unexpected growth.
• Limit Docker API access to only authorized personnel.
• Enforce strong access control policies.
• Regularly audit container-to-host filesystem bindings, volume mounts, and socket connections.