Security researchers have found that the patch for a previously disclosed flaw in the NVIDIA Container Toolkit is incomplete, leaving sensitive data at risk. The vulnerability, CVE-2024-0132 (CVSS score 9.0, high severity), is a Time-of-Check Time-of-Use (TOCTOU) flaw that can be used for a container escape and, through it, unauthorized access to the host system.
Although NVIDIA addressed the vulnerability in September 2024, Trend Micro's recent analysis found that the fix is not fully effective. The same analysis uncovered a related performance flaw affecting Docker on Linux that can lead to a denial-of-service (DoS) condition.
Abdelrahman Esmail of Trend Micro stresses the severity of these issues: "These problems could allow attackers to break out of container isolation, access sensitive host resources, and disrupt operations significantly." Because the TOCTOU vulnerability persists, a specially crafted container can still reach the host file system and execute arbitrary commands with root privileges; this applies in particular to version 1.17.4 when the feature that allows CUDA compatibility libraries to be loaded from containers is enabled.
Trend Micro explained that the vulnerability resides in the mount_files function and results from inadequate locking during operations on an object. This shortcoming allows privilege escalation and arbitrary code execution in the context of the host. To exploit the flaw, an attacker must first be able to execute code inside a container.
The flaw is tracked as CVE-2025-23359, which also carries a CVSS score of 9.0. Wiz had identified it in February 2025 as a bypass of CVE-2024-0132, and it was addressed in version 1.17.4.
In addition, while investigating CVE-2024-0132 the researchers discovered a performance problem that can become a DoS vulnerability on the host for Docker instances on Linux. When a new container is created with multiple mounts configured as shared, the corresponding entries remain in the Linux mount table after the container terminates, so the table grows with every such container. This rapid growth can exhaust available file descriptors, preventing Docker from creating new containers and causing a major performance decline, effectively locking users out of the host (for example, over SSH).
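The mount-table growth described above is visible from the host in /proc/self/mountinfo, so a defender can watch for it. The following monitor is an added example, not code from Trend Micro, NVIDIA or the article: it parses mountinfo lines, counts entries and how many carry shared propagation, groups them by mount-point prefix, and raises alerts against a baseline. The sample mountinfo text, the thresholds and the prefix depth are this example's own constructed values.

```python
"""Watch the Linux mount table for the runaway growth that the Docker
shared-mount leak produces. Reads /proc/self/mountinfo on a live host,
or the constructed sample below when run stand-alone."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path

MOUNTINFO_PATH = "/proc/self/mountinfo"


@dataclass
class MountEntry:
    mount_id: int
    parent_id: int
    mount_point: str
    fs_type: str
    source: str
    propagation: tuple[str, ...]  # e.g. ('shared:12',); empty for private mounts


@dataclass
class MountTableReport:
    total: int
    shared: int
    per_prefix: dict[str, int]  # entry count keyed by top-level mount-point prefix


def _unescape(field: str) -> str:
    # mountinfo encodes spaces and other separators as octal escapes (\040)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> list[MountEntry]:
    """Parse mountinfo lines: 'ID PARENT MAJ:MIN ROOT MOUNTPOINT OPTS [optional..] - FSTYPE SOURCE SUPEROPTS'."""
    entries: list[MountEntry] = []
    for line in text.splitlines():
        pre, sep, post = line.partition(" - ")
        if not sep:
            continue  # blank or malformed line
        pre_fields, post_fields = pre.split(), post.split()
        if len(pre_fields) < 6 or len(post_fields) < 2:
            continue
        optional = pre_fields[6:]  # propagation tags live in the optional fields
        entries.append(MountEntry(
            mount_id=int(pre_fields[0]),
            parent_id=int(pre_fields[1]),
            mount_point=_unescape(pre_fields[4]),
            fs_type=post_fields[0],
            source=_unescape(post_fields[1]),
            propagation=tuple(f for f in optional if f.startswith(("shared:", "master:", "propagate_from:", "unbindable"))),
        ))
    return entries


def summarize(entries: list[MountEntry], depth: int = 3) -> MountTableReport:
    per_prefix: dict[str, int] = {}
    for e in entries:
        parts = e.mount_point.strip("/").split("/") if e.mount_point != "/" else []
        prefix = "/" + "/".join(parts[:depth])
        per_prefix[prefix] = per_prefix.get(prefix, 0) + 1
    shared = sum(1 for e in entries if any(p.startswith("shared:") for p in e.propagation))
    return MountTableReport(total=len(entries), shared=shared, per_prefix=per_prefix)


def check_growth(report: MountTableReport, baseline_total: int, max_growth_ratio: float = 3.0,
                 absolute_ceiling: int = 5000, hotspot_fraction: float = 0.5, hotspot_min: int = 20) -> list[str]:
    """Return alert strings; an empty list means nothing unusual. Thresholds are illustrative."""
    alerts = []
    if report.total > absolute_ceiling:
        alerts.append(f"mount table has {report.total} entries (ceiling {absolute_ceiling})")
    if baseline_total > 0 and report.total > baseline_total * max_growth_ratio:
        alerts.append(f"mount table grew from {baseline_total} to {report.total} entries")
    for prefix, count in report.per_prefix.items():
        if count >= hotspot_min and count > report.total * hotspot_fraction:
            alerts.append(f"{count} of {report.total} mounts sit under {prefix} ({report.shared} shared overall)")
    return alerts


def read_live_report() -> MountTableReport:
    return summarize(parse_mountinfo(Path(MOUNTINFO_PATH).read_text()))


# Constructed sample: four ordinary mounts plus 40 leftover overlay mounts from terminated containers.
SAMPLE_MOUNTINFO = "\n".join(
    [
        "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw",
        "23 22 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:2 - proc proc rw",
        "24 22 0:5 / /dev rw,nosuid - devtmpfs udev rw,size=8g",
        "25 22 0:40 / /mnt/data\\040volume rw,relatime shared:4 - ext4 /dev/sdb1 rw",
    ]
    + [
        f"{100 + i} 22 0:{50 + i} / /var/lib/docker/overlay2/{i:064x}/merged "
        f"rw,relatime shared:{10 + i} - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w"
        for i in range(40)
    ]
)

if __name__ == "__main__":
    report = summarize(parse_mountinfo(SAMPLE_MOUNTINFO))
    for alert in check_growth(report, baseline_total=4):
        print("ALERT:", alert)
```

On a real host, record `summarize(read_live_report())` right after boot as the baseline and run the check from cron; the per-prefix breakdown is what separates a legitimately busy host from one whose /var/lib/docker subtree is accumulating dead overlay mounts.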
To address these issues, the researchers recommend actively monitoring the Linux mount table for unusual growth, restricting Docker API access to authorized personnel, enforcing strong access control policies, and regularly auditing container-to-host file system bindings, volume mounts, and socket connections.
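One way to carry out the recommended audit of container-to-host bindings is to review the `Mounts` section that `docker inspect` emits for each container. The script below is an added example, not code from the article or from Docker: it flags bind mounts with shared or rshared propagation (the configuration behind the mount-table leak), bind mounts of sensitive host paths, and the Docker control socket. The sample inspect data, the sensitive-path list and the severity levels are this example's own constructed policy.

```python
"""Audit container-to-host bindings from `docker inspect` JSON.

Usage on a live host:  docker inspect $(docker ps -aq) | python audit_mounts.py -
Run without arguments to audit the constructed sample instead."""
import json
import sys
from dataclasses import dataclass

# Example policy: host paths whose exposure to a container deserves review.
SENSITIVE_HOST_PATHS = ("/etc", "/proc", "/sys", "/dev", "/var/lib/docker", "/root", "/boot")
DOCKER_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")


@dataclass(frozen=True)
class Finding:
    container: str
    destination: str
    severity: str
    reason: str


def audit_container(info: dict) -> list[Finding]:
    """Return findings for one element of the `docker inspect` array."""
    name = info.get("Name", "").lstrip("/") or info.get("Id", "")[:12]
    findings: list[Finding] = []
    for m in info.get("Mounts", []):
        if m.get("Type") != "bind":
            continue  # named volumes and tmpfs are not host-path bindings
        src, dst = m.get("Source", ""), m.get("Destination", "")
        prop, rw = m.get("Propagation", ""), m.get("RW", True)
        mode = "rw" if rw else "ro"
        if prop in ("shared", "rshared"):
            findings.append(Finding(name, dst, "high",
                                    f"bind mount uses {prop} propagation; mounts created inside the container propagate to the host"))
        if src in DOCKER_SOCKETS:
            findings.append(Finding(name, dst, "critical", "Docker control socket exposed to the container"))
        elif src == "/":
            findings.append(Finding(name, dst, "critical", f"entire host filesystem bound ({mode})"))
        elif any(src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS):
            findings.append(Finding(name, dst, "high" if rw else "medium", f"sensitive host path {src} bound ({mode})"))
    return findings


def audit_all(inspect_output: list[dict]) -> list[Finding]:
    return [f for container in inspect_output for f in audit_container(container)]


# Constructed sample shaped like `docker inspect` output: one sane container, one risky one.
SAMPLE_INSPECT = [
    {"Id": "0123456789abcdef", "Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/srv/web/static", "Destination": "/app/static", "RW": False, "Propagation": "rprivate"},
        {"Type": "volume", "Name": "webdata", "Source": "/var/lib/docker/volumes/webdata/_data", "Destination": "/data", "RW": True},
    ]},
    {"Id": "fedcba9876543210", "Name": "/gpu-job", "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True, "Propagation": "rshared"},
        {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True, "Propagation": "rprivate"},
    ]},
]

if __name__ == "__main__":
    data = json.load(sys.stdin) if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_INSPECT
    for f in audit_all(data):
        print(f"[{f.severity}] {f.container}:{f.destination} - {f.reason}")
```

The volume entry under /var/lib/docker/volumes is deliberately skipped: it is Docker-managed storage, not a host-path binding, and flagging it would bury the two findings that matter. Extending the policy is a matter of editing the two tuples at the top.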