doc-exports/docs/cce/umn/CVE-2025-23266.html

<a name="CVE-2025-23266"></a><a name="CVE-2025-23266"></a>

<h1 class="topictitle1">Notice of the NVIDIA Container Toolkit Container Escape Vulnerabilities (CVE-2025-23266 and CVE-2025-23267)</h1>
<div id="body32001227"><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_p1318192817101">NVIDIA Container Toolkit is an open-source tool package from NVIDIA. It allows you to use NVIDIA GPUs to speed up computing in a containerized environment. The toolkit includes a container runtime library and utilities for automatically configuring containers to leverage NVIDIA GPUs.</p>
<div class="section" id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_section1217032912611"><h4 class="sectiontitle">Description</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_en-us_topic_0193581139_table1565618845915" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Vulnerability details</caption><thead align="left"><tr id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_en-us_topic_0193581139_row065718811595"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.2.2.5.1.1"><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_en-us_topic_0193581139_p265798165915">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.2.2.5.1.2"><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_en-us_topic_0193581139_p465798195911">CVE-ID</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.2.2.5.1.3"><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_p197165314415">Severity</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.2.2.5.1.4"><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_p568860163217">Discovered</p>
</th>
</tr>
</thead>
<tbody><tr id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_en-us_topic_0193581139_row1120510564498"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.5.1.1 "><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_p111259410113">Container escape</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.5.1.2 "><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_p8553132017127"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23266" target="_blank" rel="noopener noreferrer">CVE-2025-23266</a></p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.5.1.3 "><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_p16697543175417">Critical</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.5.1.4 "><p id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_p26882020325">2025-07-17</p>
</td>
</tr>
<tr id="CVE-2025-23266__en-us_topic_0000002394138741_row1682703812545"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.5.1.1 "><p id="CVE-2025-23266__en-us_topic_0000002394138741_p1282723817549">Data tampering and denial of service</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.5.1.2 "><p id="CVE-2025-23266__en-us_topic_0000002394138741_p8827103865410"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23267" target="_blank" rel="noopener noreferrer">CVE-2025-23267</a></p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.5.1.3 "><p id="CVE-2025-23266__en-us_topic_0000002394138741_p19827193895419">High</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.5.1.4 "><p id="CVE-2025-23266__en-us_topic_0000002394138741_p4827193818547">2025-07-17</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_section122155314507"><h4 class="sectiontitle">Impact</h4><p id="CVE-2025-23266__en-us_topic_0000002394138741_p556962214815">In NVIDIA Container Toolkit v1.17.7 and earlier versions, an attacker can run a malicious image, which may result in container escape and enables the attacker to obtain host permissions. Successful exploitation of these vulnerabilities may enable privilege escalation, data tampering, information leakage, and denial of service.</p>
</div>
<div class="section" id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_section226916579125"><h4 class="sectiontitle">Identification Method</h4><ol id="CVE-2025-23266__en-us_topic_0000002394138741_ol10950421495"><li id="CVE-2025-23266__en-us_topic_0000002394138741_li495092894">If the cluster does not have the CCE AI Suite (NVIDIA GPU) add-on installed or the add-on version is earlier than 2.0.0, these vulnerabilities are not relevant.<p id="CVE-2025-23266__en-us_topic_0000002394138741_p75860359503"><a name="CVE-2025-23266__en-us_topic_0000002394138741_li495092894"></a><a name="en-us_topic_0000002394138741_li495092894"></a></p>
<p id="CVE-2025-23266__en-us_topic_0000002394138741_p11444832219"></p>
<div class="note" id="CVE-2025-23266__en-us_topic_0000002394138741_note131811144201810"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="CVE-2025-23266__en-us_topic_0000002394138741_p558861081414">In earlier versions, CCE AI Suite (NVIDIA GPU) add-on are named gpu-beta or gpu-device-plugin.</p>
</div></div>
</li><li id="CVE-2025-23266__en-us_topic_0000002394138741_li68144233118">If the CCE AI Suite (NVIDIA GPU) add-on version is in the range of 2.0.0 to 2.2.1 or 2.5.0 to 2.8.1, log in to the GPU node and run the following command:<pre class="screen" id="CVE-2025-23266__en-us_topic_0000002394138741_screen1081432133116">nvidia-container-runtime --version</pre>
<ul id="CVE-2025-23266__en-us_topic_0000002394138741_ul191419819590"><li id="CVE-2025-23266__en-us_topic_0000002394138741_li12141128135919">If no such command is displayed, these vulnerabilities are not present.</li><li id="CVE-2025-23266__en-us_topic_0000002394138741_li914114815594">If the version of nvidia-container-runtime is earlier than 1.17.8, these vulnerabilities are present.<p id="CVE-2025-23266__en-us_topic_0000002394138741_p155991657125816"><a name="CVE-2025-23266__en-us_topic_0000002394138741_li914114815594"></a><a name="en-us_topic_0000002394138741_li914114815594"></a><span><img id="CVE-2025-23266__en-us_topic_0000002394138741_image15351143412490" src="en-us_image_0000002365047420.png"></span></p>
</li></ul>
</li></ol>
</div>
<div class="section" id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_section0651319327"><h4 class="sectiontitle">Solution</h4><p id="CVE-2025-23266__en-us_topic_0000002394138741_p104132591912">Do not run an untrusted container image in the cluster before the vulnerabilities are fixed.</p>
<p id="CVE-2025-23266__en-us_topic_0000002394138741_p93366712281">CCE has released a new version of the CCE AI Suite (NVIDIA GPU) add-on to fix these vulnerabilities. Upgrade the add-on to the fixed version. For details, see <a href="cce_10_0141.html">CCE AI Suite (NVIDIA GPU) Release History</a>.</p>
</div>
<div class="section" id="CVE-2025-23266__en-us_topic_0000002394138741_en-us_topic_0000001159663171_section183061740102419"><h4 class="sectiontitle">Helpful Links</h4><p id="CVE-2025-23266__en-us_topic_0000002394138741_p174671921175419">NVIDIA Container Toolkit Security Bulletin: <a href="https://nvidia.custhelp.com/app/answers/detail/a_id/5659" target="_blank" rel="noopener noreferrer">https://nvidia.custhelp.com/app/answers/detail/a_id/5659</a></p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_bulletin_0169.html">Security Vulnerability Responses</a></div>
</div>
</div>