Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.
The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for unauthorized access to the underlying host.
While this flaw was resolved by NVIDIA in September 2024, a new analysis by Trend Micro has revealed the fix to be incomplete and that there also exists a related performance flaw affecting Docker on Linux that could result in a denial-of-service (DoS) condition.
“These issues could enable attackers to escape container isolation, access sensitive host resources, and cause severe operational disruptions,” Trend Micro researcher Abdelrahman Esmail said in a new report published today.
Because the TOCTOU vulnerability persists, a specially crafted container could be abused to access the host file system and execute arbitrary commands with root privileges. The flaw impacts version 1.17.4 if the allow-cuda-compat-libs-from-container feature is explicitly enabled.
“The specific flaw exists within the mount_files function,” Trend Micro said. “The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host.”
However, for this privilege escalation to work, the attacker must have already obtained the ability to execute code within a container.
The shortcoming has been assigned the CVE identifier CVE-2025-23359 (CVSS score: 9.0), which cloud security firm Wiz had previously flagged in February 2025 as a bypass for CVE-2024-0132. It has been addressed in version 1.17.4.
The cybersecurity company said it also discovered a performance issue during its analysis of CVE-2024-0132 that could potentially lead to a DoS vulnerability on the host machine. It affects Docker instances on Linux systems.
“When a new container is created with multiple mounts configured using (bind-propagation=shared), multiple parent/child paths are established. However, the associated entries are not removed in the Linux mount table after container termination,” Esmail said.
“This leads to a rapid and uncontrollable growth of the mount table, exhausting available file descriptors (fd). Eventually, Docker is unable to create new containers due to fd exhaustion. This excessively large mount table leads to a huge performance issue, preventing users from connecting to the host (i.e., via SSH).”
To mitigate the issue, it’s advised to monitor the Linux mount table for abnormal growth, limit Docker API access to authorized personnel, enforce strong access control policies, and conduct periodic audits of container-to-host filesystem bindings, volume mounts, and socket connections.
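The mount-table monitoring recommended above can be scripted. The following is an added example, not code from the Trend Micro report or the article: it parses /proc/self/mountinfo (format per proc(5)), counts entries in shared peer groups, and flags a table that has outgrown a baseline or that accumulates repeated mounts of one path. The sample mountinfo lines are constructed, and the baseline of 50 mounts is an assumed healthy-boot figure.

```python
from collections import Counter
from pathlib import Path

# Constructed sample in /proc/self/mountinfo format: a root mount, a tmpfs, and
# three leftover shared bind mounts of the same volume path, the pattern a
# terminated bind-propagation=shared container would leave behind.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 22 0:55 / /run/user/1000 rw,nosuid,nodev - tmpfs tmpfs rw,size=100k
410 22 8:1 /var/lib/docker/volumes/data /mnt/data rw,relatime shared:210 - ext4 /dev/sda1 rw
411 22 8:1 /var/lib/docker/volumes/data /mnt/data rw,relatime shared:211 - ext4 /dev/sda1 rw
412 22 8:1 /var/lib/docker/volumes/data /mnt/data rw,relatime shared:212 - ext4 /dev/sda1 rw
"""

def parse_mountinfo(text):
    """Parse mountinfo lines; optional fields (e.g. shared:N) run until ' - '."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, _, right = line.partition(" - ")
        lf, rf = left.split(), right.split(None, 2)
        entries.append({
            "mountpoint": lf[4], "optional": lf[6:],
            "fstype": rf[0], "source": rf[1],
            "shared": any(f.startswith("shared:") for f in lf[6:]),
        })
    return entries

def summarize(entries, top=3):
    """Total mounts, shared-propagation mounts, and the most repeated mount points."""
    dup = Counter(e["mountpoint"] for e in entries)
    return {
        "total": len(entries),
        "shared": sum(e["shared"] for e in entries),
        "repeated": [(mp, n) for mp, n in dup.most_common(top) if n > 1],
    }

def is_abnormal(summary, baseline_total, max_growth=2.0, max_repeats=2):
    """Alert when the table outgrows the host baseline or one path piles up."""
    grown = summary["total"] > baseline_total * max_growth
    piled = any(n > max_repeats for _, n in summary["repeated"])
    return grown or piled

if __name__ == "__main__":
    # Live check on a Linux host; record baseline_total from a healthy boot (assumed 50 here).
    s = summarize(parse_mountinfo(Path("/proc/self/mountinfo").read_text()))
    print(s, "ABNORMAL" if is_abnormal(s, baseline_total=50) else "ok")
```

Run it from cron or a monitoring agent and alert on "ABNORMAL"; the repeated-path list points at which container bindings were not cleaned up.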