NVIDIA / gpu-feature-discovery

GPU plugin to the node feature discovery for Kubernetes
Apache License 2.0

Critical vulnerabilities in base image #19

Closed dgr237 closed 2 years ago

dgr237 commented 2 years ago

The latest version is reporting a critical vulnerability:

glibc: Arbitrary read in wordexp() (CVE-2021-35942): https://nvd.nist.gov/vuln/detail/CVE-2021-35942

It is noted that the latest version of the k8s-device-plugin (v0.10.0), which is using the following base image, is not reporting this vulnerability:

nvcr.io/nvidia/cuda:11.4.2-base-obi8

Could we get a release of this component using the latest cuda base image?

elezar commented 2 years ago

We are in the process of preparing a release for this component which will include an update of the base images.

klueska commented 2 years ago

Latest release out with all known CVEs patched: https://github.com/NVIDIA/gpu-feature-discovery/releases/tag/v0.5.0