NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-367" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-10-29T19:48:11Z" }