Mitigations include restricting Docker access: CVE-2024-0132 first received a fix in September 2024, which did not fully patch the flaw and left a patch bypass issue tracked as CVE-2025-23359. Nvidia fixed the bypass in February, but Trend Micro believes that fix to be lacking. The problem is that the fix, issued with the version 1.17.4 update, includes an optional feature flag, “allow-cuda-compat-libs-from-containers”, that rolls back to the unpatched settings and so re-exposes CVE-2024-0132. Queries emailed to Nvidia over the patch's incompleteness had not elicited a response by the time this article was published. To fully protect systems from exploitation, Trend Micro recommends disabling this optional feature at all times. Additionally, to ward off DoS attempts, access to the Docker API must be limited to authorized personnel only.
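The following audit of both recommendations is an added example, not code from the article, Trend Micro or Nvidia. It assumes the toolkit configuration is TOML with the flag under a `features` table, and that Docker is configured through `daemon.json` using its `hosts` and `tlsverify` keys; both sample configurations are constructed.

```python
import json
import re

FLAG = "allow-cuda-compat-libs-from-containers"  # flag name as given in the article

def flag_enabled(toml_text):
    """True if FLAG is set to true, either under [features] or as a dotted key.
    Assumption: the flag lives in a 'features' table of a TOML config file."""
    section = ""
    for raw in toml_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip().strip('"')
        full_key = f"{section}.{key}" if section else key
        if full_key == f"features.{FLAG}" and value.strip().lower() == "true":
            return True
    return False

def exposed_tcp_hosts(daemon_json_text):
    """Return tcp:// listeners from daemon.json that are not protected by tlsverify."""
    cfg = json.loads(daemon_json_text)
    if cfg.get("tlsverify") is True:
        return []
    return [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]

def audit(toml_text, daemon_json_text):
    findings = []
    if flag_enabled(toml_text):
        findings.append(f"{FLAG} is enabled: disable it")
    for host in exposed_tcp_hosts(daemon_json_text):
        findings.append(f"Docker API listens on {host} without tlsverify")
    return findings

# Constructed sample inputs (not taken from any real host)
SAMPLE_TOOLKIT_CONFIG = """
[features]
allow-cuda-compat-libs-from-containers = true  # opt-in that undoes the fix
"""
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

if __name__ == "__main__":
    for finding in audit(SAMPLE_TOOLKIT_CONFIG, SAMPLE_DAEMON_JSON):
        print("FINDING:", finding)
```

On a real host, pass the contents of the actual toolkit configuration file and `daemon.json` to `audit()`; an empty list means neither condition was found in those files.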
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3962744/incomplete-patching-leaves-nvidia-docker-exposed-to-dos-attacks.html

