Amazon Linux 2023 Security Advisory: ALAS2023NVIDIA-2025-125
Advisory Released Date: 2025-07-17
Advisory Updated Date: 2025-07-17
Severity:
Critical
Issue Overview:
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. (CVE-2025-23266)
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. (CVE-2025-23267)
Affected Packages:
nvidia-container-toolkit
Issue Correction:
Run dnf update nvidia-container-toolkit --releasever latest or dnf update --advisory ALAS2023NVIDIA-2025-125 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
x86_64:
nvidia-container-toolkit-1.17.8-1.x86_64
nvidia-container-toolkit-base-1.17.8-1.x86_64