x/vulndb: potential Go vuln in github.com/NVIDIA/mig-parted: GHSA-vmg3-7v43-9g23 #3992

@GoVulnBot

Advisory GHSA-vmg3-7v43-9g23 references a vulnerability in the following Go modules:

Module
github.com/NVIDIA/mig-parted

Description:
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.

References:

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/NVIDIA/mig-parted
      versions:
        - fixed: 0.12.2
      non_go_versions:
        - fixed: 0.17.3
        - fixed: 1.17.8
        - fixed: 25.3.2
      vulnerable_at: 0.12.1
summary: NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path in github.com/NVIDIA/mig-parted
cves:
    - CVE-2025-23266
ghsas:
    - GHSA-vmg3-7v43-9g23
references:
    - advisory: https://github.com/advisories/GHSA-vmg3-7v43-9g23
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-23266
    - web: https://github.com/NVIDIA/gpu-operator
    - web: https://github.com/NVIDIA/k8s-device-plugin
    - web: https://github.com/NVIDIA/mig-parted
    - web: https://github.com/NVIDIA/nvidia-container-toolkit
    - web: https://kidbomb.github.io/posts/nvidia-container-escape-cve-2025-23266
    - web: https://kidbomb.github.io/posts/nvidia-container-escape-cve-2025-23266-part-2
    - web: https://news.ycombinator.com/item?id=44818412
    - web: https://nvidia.custhelp.com/app/answers/detail/a_id/5659
    - web: https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape
source:
    id: GHSA-vmg3-7v43-9g23
    created: 2025-09-30T18:01:47.121234076Z
review_status: UNREVIEWED
