NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/NVIDIA/nvidia-container-toolkit(Go) | 0 | 1.17.8 | N/A |
| github.com/NVIDIA/k8s-device-plugin(Go) | 0 | 0.17.3 | N/A |
| github.com/NVIDIA/gpu-operator(Go) | 0 | 25.3.2 | N/A |
| github.com/NVIDIA/mig-parted(Go) | 0 | 0.12.2 | N/A |
CVSS Metrics
