SUSE-SU-2025:4187-1

Advisory lineage Upstream: 9 Downstream: 0
Published: 24 Nov 2025, 07:58
Last modified:23 Mar 2026, 04:51

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Nov 2025, 07:58
Published
Vulnerability first disclosed
23 Mar 2026, 04:51
Last Modified
Vulnerability information updated

Description

Security update for nvidia-container-toolkit This update for nvidia-container-toolkit fixes the following issues: - Update to version 1.18.0: - This is a major release and includes the following high-level changes: - The default mode of the NVIDIA Container Runtime has been updated to make use of a just-in-time-generated CDI specification instead of defaulting to the legacy mode. - Added a systemd unit to generate CDI specifications for available devices automatically. This allows native CDI support in container engines such as Docker and Podman to be used without additional steps. - Security issues fixed: - CVE-2024-0133: Fixed data tampering in host file system via specially crafted container image (bsc#1231032) - CVE-2024-0132: Fixed time-of-check time-of-use (TOCTOU) race condition in default configuration via specifically crafted container image (bsc#1231033) - CVE-2024-0134: Fixed specially-crafted container image can lead to the creation of unauthorized files on the host (bsc#1232855) - CVE-2024-0135: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236496) - CVE-2024-0136: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236497) - CVE-2024-0137: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236498) - CVE-2025-23359: Fixed TOCTOU Vulnerability in NVIDIA Container Toolkit (bsc#1237085) - CVE-2025-23267: Fixed link following can lead to container escape (bsc#1246614) - CVE-2025-23266: Fixed hook initialization might lead to escalation of privileges (bsc#1246860)

Affected Systems

  • opensusenvidia-container-toolkit&distro=openSUSE Leap 15.6

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Enterprise Storage 7.1

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise Module for Containers 15 SP6

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise Module for Containers 15 SP7

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise Server 15 SP4-LTSS

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise Server 15 SP5-LTSS

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4

    < 1.18.0-150200.5.17.1

  • susenvidia-container-toolkit&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5

    < 1.18.0-150200.5.17.1

References (19)