{"id":"AZL-56852","summary":"CVE-2025-23359 affecting package nvidia-container-toolkit for versions less than 1.17.4-1","details":"NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.","modified":"2026-04-21T04:36:48.891460Z","published":"2025-02-12T01:15:09Z","upstream":["CVE-2025-23359"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23359"}],"affected":[{"package":{"name":"nvidia-container-toolkit","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/nvidia-container-toolkit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.4-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56852.json"}}],"schema_version":"1.7.5"}