
Cybersecurity researchers have detailed an incomplete patch for a previously addressed security flaw affecting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.
The original vulnerability, CVE-2024-0132 (CVSS score: 9.0), is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow unauthorized access to the underlying host.
While this flaw was resolved by NVIDIA in September 2024, a new analysis by Trend Micro has revealed that the fix is incomplete, and that there is also a related performance flaw affecting Docker on Linux, resulting in a denial-of-service (DoS) condition.
Trend Micro researcher Abdelrahman Esmail said in a new report published today, “These issues can allow attackers to bypass container isolation, access sensitive host resources and cause severe operational disruption.”
The TOCTOU vulnerability persists, meaning that a specially crafted container can be abused to access the host file system and execute arbitrary commands with root privileges. The flaw affects version 1.17.4 when the allow-cuda-compat-libs-from-container feature is explicitly enabled.
“The specific flaw exists within the mount_files function,” Trend Micro said. “The issue results from the lack of proper locking when performing an operation on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host.”
However, for this privilege escalation to work, the attacker must already have the ability to execute code within a container.
The shortcoming has been assigned the CVE identifier CVE-2025-23359 (CVSS score: 9.0), which was previously flagged by cloud security firm Wiz as a bypass for CVE-2024-0132 in February 2025. It is addressed in version 1.17.4.
The cybersecurity company said it also discovered a performance issue during its analysis of CVE-2024-0132, which could potentially lead to a DoS vulnerability on the host machine. This affects Docker instances on Linux systems.
“When a new container is created with multiple mounts configured using (bind-propagation=shared), multiple parent/child paths are established. However, the related entries are not removed from the Linux mount table after the container terminates,” Esmail said.
“This leads to rapid and uncontrollable growth of the mount table, exhausting the available file descriptors (FD). Eventually, Docker is unable to create new containers due to FD exhaustion. This excessively large mount table leads to a huge performance problem, preventing users from connecting to the host (i.e., via SSH).”
To mitigate this issue, it is advisable to monitor the Linux mount table for abnormal growth, restrict API access to authorized personnel, enforce strong access control policies, and conduct periodic audits of container-to-host file system bindings, volume mounts and socket connections.
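As an added example of the mount-table monitoring recommended above (this is not code from Trend Micro, NVIDIA or Docker), the following POSIX shell script counts the entries in a mountinfo file, singles out those carrying a shared-propagation peer-group tag, and alerts when the total exceeds a threshold. The threshold default and the sample mountinfo file it generates are constructed for the demonstration; on a real host, point it at /proc/self/mountinfo.

```shell
#!/bin/sh
# Added example (not Trend Micro's or NVIDIA's code): detect abnormal growth of the
# Linux mount table and count leaked shared-propagation bind mounts by parsing a
# mountinfo file. The threshold default and the sample file are constructed.

# Total number of mount entries ($1 = mountinfo path, default /proc/self/mountinfo).
count_mounts() {
    wc -l < "${1:-/proc/self/mountinfo}" | tr -d ' '
}

# Entries whose optional fields (field 7 up to the "-" separator) carry a
# shared:N peer-group tag, i.e. mounts created with bind-propagation=shared.
count_shared_mounts() {
    awk '{ for (i = 7; i <= NF && $i != "-"; i++)
               if ($i ~ /^shared:/) { n++; break } }
         END { print n + 0 }' "${1:-/proc/self/mountinfo}"
}

# Returns 0 while the table is at or below the limit, 1 when it looks abnormal.
# $1 = mountinfo path, $2 = maximum acceptable entry count (constructed default 5000).
check_mount_growth() {
    total=$(count_mounts "$1")
    shared=$(count_shared_mounts "$1")
    limit="${2:-5000}"
    echo "mounts=$total shared=$shared limit=$limit"
    [ "$total" -le "$limit" ]
}

# Writes a constructed mountinfo file: one /proc entry plus $2 leftover bind
# mounts with shared propagation, mimicking entries left behind after containers exit.
make_sample_mountinfo() {
    printf '%s\n' '22 28 0:21 / /proc rw,nosuid,nodev - proc proc rw' > "$1"
    n=0
    while [ "$n" -lt "$2" ]; do
        n=$((n + 1))
        printf '%s 60 8:1 /var/lib/app /mnt/leak%s rw,relatime shared:%s - ext4 /dev/sda1 rw\n' \
            "$((100 + n))" "$n" "$n" >> "$1"
    done
}

# Demo: 3 leaked mounts against a deliberately low limit trigger the alert.
SAMPLE="${TMPDIR:-/tmp}/mountinfo.sample.$$"
make_sample_mountinfo "$SAMPLE" 3
check_mount_growth "$SAMPLE" 3 || echo "ALERT: mount table above threshold, inspect leaked bind mounts"
rm -f "$SAMPLE"
```

Run it from cron or a monitoring agent and feed the mounts/shared counts into your metrics pipeline; a count that climbs after every container exit is the leak pattern described in the report.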