Release of version v0.17.4 run under RHEL9 contains several vulnerabilities
Some vulnerabilities can be fixed by upgrading the version of affected packages as below.
As a requirement of the security remediation process in our org, we would like to report vulnerabilities for this version (though we will follow your release process).

| Identifiers | Severity | CVSS Score | Title | Package | FixIn |
|---|---|---|---|---|---|
| CVE-2025-5278, CWE-121 | MEDIUM | 4.4 | Stack-based Buffer Overflow | coreutils-single:8.32-39.el9 | N/A |
| CVE-2025-9086, CWE-125 | MEDIUM | 5.3 | Out-of-bounds Read | curl-minimal:7.76.1-31.el9_6.1 | N/A |
| CVE-2025-32989, CWE-295 | MEDIUM | 5.3 | Improper Certificate Validation | gnutls:3.8.3-6.el9 | 0:3.8.3-6.el9_6.2 |
| CVE-2025-32990, CWE-122 | MEDIUM | 6.5 | Heap-based Buffer Overflow | gnutls:3.8.3-6.el9 | 0:3.8.3-6.el9_6.2 |
| CVE-2025-32988, CWE-415 | MEDIUM | 6.5 | Double Free | gnutls:3.8.3-6.el9 | 0:3.8.3-6.el9_6.2 |
| CVE-2025-6395, CWE-476 | MEDIUM | 6.5 | NULL Pointer Dereference | gnutls:3.8.3-6.el9 | 0:3.8.3-6.el9_6.2 |
| CVE-2023-30571, CWE-362 | MEDIUM | 5.3 | Race Condition | libarchive:3.5.3-6.el9_6 | N/A |
| CVE-2025-9086, CWE-125 | MEDIUM | 5.3 | Out-of-bounds Read | libcurl-minimal:7.76.1-31.el9_6.1 | N/A |
| CVE-2025-9714, CWE-606 | MEDIUM | 6.2 | Unchecked Input for Loop Condition | libxml2:2.9.13-12.el9_6 | N/A |
| CVE-2024-35328, CWE-835 | MEDIUM | 7.5 | Loop with Unreachable Exit Condition ('Infinite Loop') | libyaml:0.2.5-7.el9 | N/A |
| CVE-2025-4598, CWE-364 | MEDIUM | 4.7 | Race Condition | systemd-libs:252-51.el9_6.1 | N/A |
| CVE-2024-7264, CWE-125 | LOW | 5.3 | Out-of-bounds Read | curl-minimal:7.76.1-31.el9_6.1 | N/A |
| CVE-2024-9681, CWE-1025 | LOW | 3.9 | Comparison Using Wrong Factors | curl-minimal:7.76.1-31.el9_6.1 | N/A |
| CVE-2024-11053, CWE-200 | LOW | 5.9 | Information Exposure | curl-minimal:7.76.1-31.el9_6.1 | N/A |
| CVE-2023-4156, CWE-125 | LOW | 6.1 | Out-of-bounds Read | gawk:5.1.0-6.el9 | N/A |
| CVE-2025-7039, CWE-190, CWE-22 | LOW | 3.7 | Integer Overflow or Wraparound | glib2:2.68.4-16.el9_6.2 | N/A |
| CVE-2023-32636, CWE-400 | LOW | 6.2 | Resource Exhaustion | glib2:2.68.4-16.el9_6.2 | N/A |
| CVE-2025-3360, CWE-190 | LOW | 3.7 | Integer Overflow or Wraparound | glib2:2.68.4-16.el9_6.2 | N/A |
| CVE-2022-3219, CWE-787 | LOW | 6.2 | Out-of-bounds Write | gnupg2:2.3.3-4.el9 | N/A |
| CVE-2025-30258, CWE-754 | LOW | 2.7 | Improper Check for Unusual or Exceptional Conditions | gnupg2:2.3.3-4.el9 | N/A |
| CVE-2025-5917, CWE-193, CWE-787 | LOW | 2.8 | Off-by-one Error | libarchive:3.5.3-6.el9_6 | N/A |
| CVE-2025-5918, CWE-125 | LOW | 3.9 | Out-of-bounds Read | libarchive:3.5.3-6.el9_6 | N/A |
| CVE-2025-5915, CWE-122 | LOW | 3.9 | Heap-based Buffer Overflow | libarchive:3.5.3-6.el9_6 | N/A |
| CVE-2025-5916, CWE-190 | LOW | 3.9 | Integer Overflow or Wraparound | libarchive:3.5.3-6.el9_6 | N/A |
| CVE-2025-1632, CWE-404, CWE-476 | LOW | 3.3 | Improper Resource Shutdown or Release | libarchive:3.5.3-6.el9_6 | N/A |
| CVE-2024-7264, CWE-125 | LOW | 5.3 | Out-of-bounds Read | libcurl-minimal:7.76.1-31.el9_6.1 | N/A |
| CVE-2024-9681, CWE-1025 | LOW | 3.9 | Comparison Using Wrong Factors | libcurl-minimal:7.76.1-31.el9_6.1 | N/A |
| CVE-2024-11053, CWE-200 | LOW | 5.9 | Information Exposure | libcurl-minimal:7.76.1-31.el9_6.1 | N/A |
| CVE-2022-27943, CWE-400 | LOW | 5.5 | Resource Exhaustion | libgcc:11.5.0-5.el9_5 | N/A |
| CVE-2022-27943, CWE-400 | LOW | 5.5 | Resource Exhaustion | libstdc++:11.5.0-5.el9_5 | N/A |
| CVE-2025-6170, CWE-121 | LOW | 2.5 | Stack-based Buffer Overflow | libxml2:2.9.13-12.el9_6 | N/A |
| CVE-2023-45322, CWE-416 | LOW | 5.9 | Use After Free | libxml2:2.9.13-12.el9_6 | N/A |
| CVE-2024-34459, CWE-126 | LOW | 5.5 | Buffer Over-read | libxml2:2.9.13-12.el9_6 | N/A |
| CVE-2025-27113, CWE-476 | LOW | 3.1 | NULL Pointer Dereference | libxml2:2.9.13-12.el9_6 | N/A |
| CVE-2023-50495, CWE-400 | LOW | 6.5 | Resource Exhaustion | ncurses-base:6.2-10.20210508.el9_6.2 | N/A |
| CVE-2023-50495, CWE-400 | LOW | 6.5 | Resource Exhaustion | ncurses-libs:6.2-10.20210508.el9_6.2 | N/A |
| CVE-2024-41996, CWE-295 | LOW | 5.9 | Improper Certificate Validation | openssl-libs:1:3.2.2-6.el9_5.1 | N/A |
| CVE-2024-13176, CWE-385 | LOW | 4.7 | Covert Timing Channel | openssl-libs:1:3.2.2-6.el9_5.1 | N/A |
| CVE-2022-41409, CWE-190 | LOW | 5.3 | Integer Overflow or Wraparound | pcre2:10.40-6.el9 | N/A |
| CVE-2022-41409, CWE-190 | LOW | 5.3 | Integer Overflow or Wraparound | pcre2-syntax:10.40-6.el9 | N/A |
| CVE-2024-56433, CWE-1188 | LOW | 3.6 | Insecure Default Initialization of Resource | shadow-utils:2:4.9-12.el9 | N/A |
| CVE-2024-0232, CWE-416 | LOW | 4.7 | Use After Free | sqlite-libs:3.34.1-8.el9_6 | N/A |