Amazon Linux 2023 Security Advisory: ALAS2023NVIDIA-2025-126
Advisory Released Date: 2025-07-17
Advisory Updated Date: 2025-07-17
Severity:
Critical
Issue Overview:
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. (CVE-2025-23266)
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. (CVE-2025-23267)
Affected Packages:
libnvidia-container
Issue Correction:
Run dnf update libnvidia-container --releasever latest or dnf update --advisory ALAS2023NVIDIA-2025-126 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
x86_64:
libnvidia-container-devel-1.17.8-1.x86_64
libnvidia-container-libseccomp2-1.17.8-1.x86_64
libnvidia-container-static-1.17.8-1.x86_64
libnvidia-container-tools-1.17.8-1.x86_64
libnvidia-container1-1.17.8-1.x86_64
libnvidia-container1-debuginfo-1.17.8-1.x86_64