Security update for nvidia-container-toolkit SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4187-1 Final 1 1 2025-11-24T07:58:47Z current 2025-11-24T07:58:47Z 2025-11-24T07:58:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nvidia-container-toolkit This update for nvidia-container-toolkit fixes the following issues: - Update to version 1.18.0: - This is a major release and includes the following high-level changes: - The default mode of the NVIDIA Container Runtime has been updated to make use of a just-in-time-generated CDI specification instead of defaulting to the legacy mode. - Added a systemd unit to generate CDI specifications for available devices automatically. This allows native CDI support in container engines such as Docker and Podman to be used without additional steps. - Security issues fixed: - CVE-2024-0133: Fixed data tampering in host file system via specially crafted container image (bsc#1231032) - CVE-2024-0132: Fixed time-of-check time-of-use (TOCTOU) race condition in default configuration via specifically crafted container image (bsc#1231033) - CVE-2024-0134: Fixed specially-crafted container image can lead to the creation of unauthorized files on the host (bsc#1232855) - CVE-2024-0135: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236496) - CVE-2024-0136: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236497) - CVE-2024-0137: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236498) - CVE-2025-23359: Fixed TOCTOU Vulnerability in NVIDIA Container Toolkit (bsc#1237085) - CVE-2025-23267: Fixed link following can lead to container escape (bsc#1246614) - CVE-2025-23266: Fixed hook initialization might lead to escalation of privileges (bsc#1246860) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4187,SUSE-SLE-Module-Containers-15-SP6-2025-4187,SUSE-SLE-Module-Containers-15-SP7-2025-4187,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4187,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4187,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4187,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4187,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4187,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4187,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4187,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4187,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4187,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4187,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4187,SUSE-Storage-7.1-2025-4187,openSUSE-SLE-15.6-2025-4187 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ Link for SUSE-SU-2025:4187-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023342.html E-Mail link for SUSE-SU-2025:4187-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1231032 SUSE Bug 1231032 https://bugzilla.suse.com/1231033 SUSE Bug 1231033 https://bugzilla.suse.com/1232855 SUSE Bug 1232855 https://bugzilla.suse.com/1236496 SUSE Bug 1236496 https://bugzilla.suse.com/1236497 SUSE Bug 1236497 https://bugzilla.suse.com/1236498 SUSE Bug 1236498 https://bugzilla.suse.com/1237085 SUSE Bug 1237085 https://bugzilla.suse.com/1246614 SUSE Bug 1246614 https://bugzilla.suse.com/1246860 SUSE Bug 1246860 https://www.suse.com/security/cve/CVE-2024-0132/ SUSE CVE CVE-2024-0132 page https://www.suse.com/security/cve/CVE-2024-0133/ SUSE CVE CVE-2024-0133 page https://www.suse.com/security/cve/CVE-2024-0134/ SUSE CVE CVE-2024-0134 page https://www.suse.com/security/cve/CVE-2024-0135/ SUSE CVE CVE-2024-0135 page https://www.suse.com/security/cve/CVE-2024-0136/ SUSE CVE CVE-2024-0136 page https://www.suse.com/security/cve/CVE-2024-0137/ SUSE CVE CVE-2024-0137 page https://www.suse.com/security/cve/CVE-2025-23266/ SUSE CVE CVE-2025-23266 page https://www.suse.com/security/cve/CVE-2025-23267/ SUSE CVE CVE-2025-23267 page https://www.suse.com/security/cve/CVE-2025-23359/ SUSE CVE CVE-2025-23359 page SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Containers 15 SP6 SUSE Linux Enterprise Module for Containers 15 SP7 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 openSUSE Leap 15.6 nvidia-container-toolkit-1.18.0-150200.5.17.1 nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Enterprise Storage 7.1 nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise Module for Containers 15 SP6 nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise Module for Containers 15 SP7 nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 nvidia-container-toolkit-1.18.0-150200.5.17.1 as a component of openSUSE Leap 15.6 NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2024-0132 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2024-0132.html CVE-2024-0132 https://bugzilla.suse.com/1231033 SUSE Bug 1231033 NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. CVE-2024-0133 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2024-0133.html CVE-2024-0133 https://bugzilla.suse.com/1231032 SUSE Bug 1231032 NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering. CVE-2024-0134 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2024-0134.html CVE-2024-0134 https://bugzilla.suse.com/1232855 SUSE Bug 1232855 NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2024-0135 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2024-0135.html CVE-2024-0135 https://bugzilla.suse.com/1236496 SUSE Bug 1236496 NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2024-0136 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2024-0136.html CVE-2024-0136 https://bugzilla.suse.com/1236497 SUSE Bug 1236497 NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host's network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges. CVE-2024-0137 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2024-0137.html CVE-2024-0137 https://bugzilla.suse.com/1236498 SUSE Bug 1236498 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. CVE-2025-23266 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2025-23266.html CVE-2025-23266 https://bugzilla.suse.com/1246860 SUSE Bug 1246860 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. CVE-2025-23267 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2025-23267.html CVE-2025-23267 https://bugzilla.suse.com/1246614 SUSE Bug 1246614 NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2025-23359 SUSE Enterprise Storage 7.1:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP6:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Module for Containers 15 SP7:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP4-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server 15 SP5-LTSS:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:nvidia-container-toolkit-1.18.0-150200.5.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:nvidia-container-toolkit-1.18.0-150200.5.17.1 openSUSE Leap 15.6:nvidia-container-toolkit-1.18.0-150200.5.17.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254187-1/ https://www.suse.com/security/cve/CVE-2025-23359.html CVE-2025-23359 https://bugzilla.suse.com/1237085 SUSE Bug 1237085