ALAS2023NVIDIA-2025-125

Amazon Linux 2023 Security Advisory: ALAS2023NVIDIA-2025-125
Advisory Released Date: 2025-07-17
Advisory Updated Date: 2025-07-17

Severity: Critical

References: CVE-2025-23266 CVE-2025-23267
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.

Affected Packages:

nvidia-container-toolkit

Issue Correction:
Run dnf update nvidia-container-toolkit --releasever 2023.8.20250715 to update your system.

New Packages:

x86_64:
    nvidia-container-toolkit-1.17.8-1.x86_64
    nvidia-container-toolkit-base-1.17.8-1.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-23266, CVE-2025-23267

Mitre: CVE-2025-23266, CVE-2025-23267