repository icon
nvidia / nvidia-container-toolkit Project repository

Build and run containers leveraging NVIDIA GPUs

Submit a report

FIRST INTERACTION

WITHINN/A DAYS

REVIEW

WITHIN11 DAYS

FIX

WITHINN/A DAYS

Command injection via container environment variables in nvidia-container-runtim...
eistee82
pending
TOCTOU Race Condition in create-symlinks and cudacompat CDI Hooks Due to Incompl...
aviral2642
pending
Local Privilege Escalation in nvidia-ctk via --executable-path
optisy
pending
[CWE-59] Symlink-following path traversal in chmod hook enables container-to-hos...
shima-coder
duplicate
High
[CWE-190/CWE-125] Integer Overflow in alignUp and Out-of-Bounds Read in trim via...
shima-coder
pending
[CWE-125] Out-of-Bounds Slice Access via Untrusted ELF Note Header Fields in nvi...
shima-coder
pending
Container Breakout & Host-Root Escalation via Config Path Resolution Flaw
orel-asper
duplicate
Critical
Symlink-based root escape in nvidia-ctk cdi generate --mode=csv produces CDI mou...
saamsuz
pending
Root-containment bypass in `nvidia-ctk cdi transform root` rewrites near-prefix...
saamsuz
pending
Unprivileged `cdi.k8s.io/*` annotation requests bypass `accept-nvidia-visible-de...
saamsuz
pending
Arbitrary File Write via Symlink TOCTOU Race in spec_file.go Flush() — os.Create...
shima-coder
pending
Container Escape via Symlink Traversal in chmod CDI Hook — Missing FollowSymlink...
shima-coder
duplicate
High
Container Escape via TOCTOU Race in CDI Hook Symlink Resolution
wernerina
duplicate
High
Container Escape via Symlink Following in chmod CDI Hook. Host Filesystem permis...
venkatatadu
pending
Container Escape and Privilege Escalation via Malicious GPU Device Mounting
sebas5207418
pending
Arbitrary File Write and Path Traversal via Unsanitized CRIO_HOOKS_DIR / CRIO_HO...
makeeverythingwithai-sketch
duplicate
High
Unchecked ELF note lengths in `enable-cuda-compat` hook cause panic and containe...
makeeverythingwithai-sketch
self closed
Command Injection via Unescaped Shell Invocation — Complete Report & Fixes
7908837174
pending
TOCTOU Race Condition in Device Node Creation Allows Arbitrary File Permission...
lea75008
pending
Pre-start root code execution inside GPU containers via update-ldcache hook pivo...
itsbalvant
pending
Local YUM Repository Disabled by Default in entrypoint.sh Scripts for CentOS 8 a...
sanjay20m
pending
Improper Input Validation in nvidia-ctk config Allows Arbitrary Key Injection in...
bahaashawish1
pending
Arbitrary Host Binary Execution via Feature-Gated ldconfig Path in NVIDIA Contai...
darkeeeandme
pending
HTTP Request Smuggling via Go net/http in NVIDIA Container Toolkit (CVE‑2025‑228...
osama55-coder
pending
Privilege Escalation in NVIDIA Container Runtime Hook via Forged HookState and c...
michaelpierre
pending