Closed dgr237 closed 2 years ago
We are in the process of preparing a release for this component which will include an update of the base images.
Latest release out with all known CVEs patched: https://github.com/NVIDIA/gpu-feature-discovery/releases/tag/v0.5.0
The latest version is reporting a critical vulnerability:
glibc: Arbitrary read in wordexp() (CVE-2021-35942): https://nvd.nist.gov/vuln/detail/CVE-2021-35942
It is noted that the latest version of the k8s-device-plugin (v0.10.0) is not reporting this vulnerability which is using the base image:
nvcr.io/nvidia/cuda:11.4.2-base-obi8
Could we get a release of this component using the latest cuda base image?