CGA-qr4q-976m-gxf8

Published

Last updated

https://images.chainguard.dev/security/CGA-qr4q-976m-gxf8

Package

nvidia-container-toolkit

Latest Update

Fixed

Fixed Version

1.16.2-r0

Aliases

Severity

9.0

Critical

CVSS V3

Summary

Duplicate Advisory: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-mjjw-553x-87pq. This link is maintained to preserve external references.

Original Description

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-qr4q-976m-gxf8

Severity

Summary

Description

Duplicate Advisory

Original Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources