NVIDIA Toolkit’s Incomplete Fix for CVE-2024-0132 Still Permits Container Escapes

11.04.2025


Cybersecurity researchers have found that NVIDIA's earlier fix for a serious vulnerability in the NVIDIA Container Toolkit was incomplete. The issue, tracked as CVE-2024-0132 with a CVSS score of 9.0, is a time-of-check to time-of-use (TOCTOU) flaw. If exploited, it could allow attackers to break out of containers and gain access to the host system.

According to a new analysis by Trend Micro, the patch issued in September 2024 did not fully resolve the vulnerability. The flaw lies in the mount_files function, which does not properly lock objects during operations. In environments where the allow-cuda-compat-libs-from-container feature is enabled in version 1.17.4, this could allow attackers to run commands as root on the host system.

A related issue has been assigned CVE-2025-23359, also with a CVSS score of 9.0. It was initially flagged by the company Wiz and is considered a bypass of the original patch. Although NVIDIA has addressed this new issue in version 1.17.4, researchers warn that the vulnerability chain still poses a threat if not properly mitigated.

Researchers also uncovered a performance issue affecting Docker on Linux systems. When containers are created with multiple shared mounts, the mount table is not properly cleaned up after the containers are stopped. This leads to rapid growth in the mount table and eventually exhausts available file descriptors, causing denial of service and preventing new containers from starting.

To reduce these risks, experts recommend monitoring the mount table for unusual growth, limiting Docker API access, applying strict access controls, and regularly auditing container-to-host bindings. These steps are essential to maintain system stability and security in containerized environments.
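The first and last of those recommendations can be turned into a simple host-side check. The following is an added example, not code from the article, NVIDIA or Trend Micro: it parses the /proc/self/mountinfo layout, counts entries and shared-propagation peer groups, lists host paths exposed through bind mounts, and raises an alert when the table has grown past an assumed baseline. The sample table and the baseline/threshold values are constructed for illustration.

```python
from collections import Counter

# Constructed sample in /proc/self/mountinfo layout: id parent major:minor root
# mount_point options [optional fields...] - fstype source super_options
SAMPLE_MOUNTINFO = """\
22 1 0:21 / /proc rw,nosuid,nodev,noexec - proc proc rw
23 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
301 23 0:45 / /var/lib/docker/overlay2/c1/merged rw,relatime - overlay overlay rw,lowerdir=/l
302 23 8:1 /srv/shared /var/lib/docker/volumes/v1/_data rw,relatime shared:11 - ext4 /dev/sda1 rw
303 23 8:1 /srv/shared /var/lib/docker/volumes/v2/_data rw,relatime shared:12 - ext4 /dev/sda1 rw
"""

# Filesystem types that never expose a host directory (assumed list for the check).
PSEUDO_FS = {"proc", "sysfs", "tmpfs", "devpts", "cgroup", "cgroup2", "overlay", "mqueue"}

def parse_mountinfo(text):
    """Parse mountinfo lines into dicts; the ' - ' separator ends the optional fields."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pre, _, post = line.partition(" - ")
        pre_f, post_f = pre.split(), post.split()
        entries.append({
            "id": int(pre_f[0]), "parent": int(pre_f[1]),
            "root": pre_f[3], "mount_point": pre_f[4],
            "optional": pre_f[6:],              # e.g. shared:11 = propagation peer group
            "fstype": post_f[0], "source": post_f[1],
        })
    return entries

def mount_report(text, baseline_count, growth_threshold):
    """Summarise the mount table and flag growth beyond baseline + threshold."""
    entries = parse_mountinfo(text)
    shared = [e for e in entries if any(o.startswith("shared:") for o in e["optional"])]
    # A bind mount of a host sub-path shows a real fstype with a root other than "/".
    host_binds = sorted({e["root"] for e in entries
                         if e["fstype"] not in PSEUDO_FS and e["root"] != "/"})
    return {
        "total": len(entries),
        "shared": len(shared),
        "by_fstype": dict(Counter(e["fstype"] for e in entries)),
        "host_bind_roots": host_binds,
        "alert": len(entries) - baseline_count > growth_threshold,
    }

if __name__ == "__main__":
    # Read the live table on a Linux host; baseline and threshold are assumed values.
    with open("/proc/self/mountinfo") as f:
        print(mount_report(f.read(), baseline_count=50, growth_threshold=500))
```

Run it periodically (for example from cron) and compare "total" and "shared" against the numbers seen right after a daemon restart; a count that keeps climbing while containers are stopped is the leak described above.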
