Security Vulnerability for nvidia/k8s-device-plugin:0.17.2 #1288

@thle40

The release of version v0.17.2, run under RHEL9, contains several vulnerabilities.
Some vulnerabilities can be fixed by upgrading the version of the affected packages, as below.

As a requirement of the security remediation process in our org, we would like to report vulnerabilities for this version (though we will follow your release process).

| Identifiers | Severity | CVSS Score | Package | FixIn |
| --- | --- | --- | --- | --- |
| CVE-2025-5702, CWE-404 | HIGH | 8.1 | glibc:2.34-125.el9_5.8 | N/A |
| CVE-2025-5702, CWE-404 | HIGH | 8.1 | glibc-common:2.34-125.el9_5.8 | N/A |
| CVE-2025-5702, CWE-404 | HIGH | 8.1 | glibc-minimal-langpack:2.34-125.el9_5.8 | N/A |
| CVE-2025-49796, CWE-125 | HIGH | 9.1 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2025-49794, CWE-825 | HIGH | 9.1 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2025-49795, CWE-825 | HIGH | 7.5 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2025-5278, CWE-121 | MEDIUM | 4.4 | coreutils-single:8.32-36.el9 | N/A |
| CVE-2025-4373, CWE-124 | MEDIUM | 4.8 | glib2:2.68.4-14.el9_4.1 | N/A |
| CVE-2024-52533, CWE-193 | MEDIUM | 7 | glib2:2.68.4-14.el9_4.1 | N/A |
| CVE-2025-4802, CWE-426 | MEDIUM | 7 | glibc:2.34-125.el9_5.8 | 0:2.34-168.el9_6.19 |
| CVE-2025-4802, CWE-426 | MEDIUM | 7 | glibc-common:2.34-125.el9_5.8 | 0:2.34-168.el9_6.19 |
| CVE-2025-4802, CWE-426 | MEDIUM | 7 | glibc-minimal-langpack:2.34-125.el9_5.8 | 0:2.34-168.el9_6.19 |
| CVE-2024-12243, CWE-407 | MEDIUM | 5.3 | gnutls:3.8.3-4.el9_4 | 0:3.8.3-6.el9 |
| CVE-2025-24528, CWE-787 | MEDIUM | 6.5 | krb5-libs:1.21.1-4.el9_5 | 0:1.21.1-6.el9 |
| CVE-2025-3576, CWE-328 | MEDIUM | 5.9 | krb5-libs:1.21.1-4.el9_5 | N/A |
| CVE-2023-30571, CWE-362 | MEDIUM | 5.3 | libarchive:3.5.3-4.el9 | N/A |
| CVE-2025-25724, CWE-252 | MEDIUM | 4 | libarchive:3.5.3-4.el9 | N/A |
| CVE-2024-12133, CWE-407 | MEDIUM | 5.3 | libtasn1:4.16.0-8.el9_1 | 0:4.16.0-9.el9 |
| CVE-2025-6021, CWE-190, CWE-121 | MEDIUM | 7.5 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2025-32414, CWE-393 | MEDIUM | 5.6 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2024-35328, CWE-835 | MEDIUM | 7.5 | libyaml:0.2.5-7.el9 | N/A |
| CVE-2024-56433, CWE-1188 | MEDIUM | 3.6 | shadow-utils:2:4.9-10.el9_5 | N/A |
| CVE-2025-29087, CWE-190 | MEDIUM | 5.5 | sqlite-libs:3.34.1-7.el9_3 | N/A |
| CVE-2021-3997, CWE-674 | MEDIUM | 5.5 | systemd-libs:252-46.el9_5.3 | N/A |
| CVE-2024-7264, CWE-125 | LOW | 5.3 | curl-minimal:7.76.1-31.el9 | N/A |
| CVE-2024-9681, CWE-1025 | LOW | 3.9 | curl-minimal:7.76.1-31.el9 | N/A |
| CVE-2024-11053, CWE-200 | LOW | 5.9 | curl-minimal:7.76.1-31.el9 | N/A |
| CVE-2025-0725, CWE-680 | LOW | 4 | curl-minimal:7.76.1-31.el9 | N/A |
| CVE-2023-4156, CWE-125 | LOW | 6.1 | gawk:5.1.0-6.el9 | N/A |
| CVE-2023-32636, CWE-400 | LOW | 6.2 | glib2:2.68.4-14.el9_4.1 | N/A |
| CVE-2025-3360, CWE-190 | LOW | 3.7 | glib2:2.68.4-14.el9_4.1 | N/A |
| CVE-2022-3219, CWE-787 | LOW | 6.2 | gnupg2:2.3.3-4.el9 | N/A |
| CVE-2025-30258, CWE-754 | LOW | 2.7 | gnupg2:2.3.3-4.el9 | N/A |
| CVE-2025-5917, CWE-193, CWE-787 | LOW | 2.8 | libarchive:3.5.3-4.el9 | N/A |
| CVE-2025-5918, CWE-125 | LOW | 3.9 | libarchive:3.5.3-4.el9 | N/A |
| CVE-2025-5914, CWE-190, CWE-415 | LOW | 3.9 | libarchive:3.5.3-4.el9 | N/A |
| CVE-2025-5915, CWE-122 | LOW | 3.9 | libarchive:3.5.3-4.el9 | N/A |
| CVE-2025-5916, CWE-190 | LOW | 3.9 | libarchive:3.5.3-4.el9 | N/A |
| CVE-2025-1632, CWE-404, CWE-476 | LOW | 3.3 | libarchive:3.5.3-4.el9 | N/A |
| CVE-2024-7264, CWE-125 | LOW | 5.3 | libcurl-minimal:7.76.1-31.el9 | N/A |
| CVE-2024-9681, CWE-1025 | LOW | 3.9 | libcurl-minimal:7.76.1-31.el9 | N/A |
| CVE-2024-11053, CWE-200 | LOW | 5.9 | libcurl-minimal:7.76.1-31.el9 | N/A |
| CVE-2025-0725, CWE-680 | LOW | 4 | libcurl-minimal:7.76.1-31.el9 | N/A |
| CVE-2022-27943, CWE-400 | LOW | 5.5 | libgcc:11.5.0-5.el9_5 | N/A |
| CVE-2022-27943, CWE-400 | LOW | 5.5 | libstdc++:11.5.0-5.el9_5 | N/A |
| CVE-2023-45322, CWE-416 | LOW | 5.9 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2024-34459, CWE-126 | LOW | 5.5 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2025-27113, CWE-476 | LOW | 3.1 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2025-32415, CWE-1284 | LOW | 2.9 | libxml2:2.9.13-6.el9_5.2 | N/A |
| CVE-2022-29458, CWE-125 | LOW | 6.1 | ncurses-base:6.2-10.20210508.el9 | N/A |
| CVE-2023-50495, CWE-400 | LOW | 6.5 | ncurses-base:6.2-10.20210508.el9 | N/A |
| CVE-2023-45918, CWE-476 | LOW | 3.3 | ncurses-base:6.2-10.20210508.el9 | N/A |
| CVE-2022-29458, CWE-125 | LOW | 6.1 | ncurses-libs:6.2-10.20210508.el9 | N/A |
| CVE-2023-50495, CWE-400 | LOW | 6.5 | ncurses-libs:6.2-10.20210508.el9 | N/A |
| CVE-2023-45918, CWE-476 | LOW | 3.3 | ncurses-libs:6.2-10.20210508.el9 | N/A |
| CVE-2023-2953, CWE-476 | LOW | 7.1 | openldap:2.6.6-3.el9 | N/A |
| CVE-2024-41996, CWE-295 | LOW | 5.9 | openssl-libs:1:3.2.2-6.el9_5.1 | N/A |
| CVE-2024-13176, CWE-385 | LOW | 4.7 | openssl-libs:1:3.2.2-6.el9_5.1 | N/A |
| CVE-2022-41409, CWE-190 | LOW | 5.3 | pcre2:10.40-6.el9 | N/A |
| CVE-2022-41409, CWE-190 | LOW | 5.3 | pcre2-syntax:10.40-6.el9 | N/A |
| CVE-2023-36191, CWE-119 | LOW | 5.5 | sqlite-libs:3.34.1-7.el9_3 | N/A |
| CVE-2024-0232, CWE-416 | LOW | 4.7 | sqlite-libs:3.34.1-7.el9_3 | N/A |

Labels: lifecycle/stale (Denotes an issue or PR has remained open with no activity and has become stale.)
