The other side of CVE-2025-23309 (13th Oct 2025)

Preface: When running Windows containers on a Windows host, two points matter –

Containers share the host kernel — unlike Linux containers on Linux, Windows containers rely on the Windows kernel and some host services.

Isolation is limited — Windows containers are isolated at the process level, but they can access some host resources, especially if configured with elevated privileges.

Background: DLL Search Order

When an application dynamically loads a DLL using functions like LoadLibrary or LoadLibraryEx without providing a complete path, Windows follows a predefined search order to locate the required DLL. This order typically includes:

  • The directory from which the application loaded.
  • The system directory (%SystemRoot%\system32).
  • The 16-bit system directory.
  • The Windows directory (%SystemRoot%).
  • The current working directory (CWD).
  • The directories listed in the PATH environment variable.

Vulnerability details: NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.

Supplement:

If a Windows container is configured to use the GPU and the vulnerable NVIDIA driver is present on the host:

DLL Hijacking Risk: If the container or its processes can influence the DLL search path (e.g., by setting the current working directory or placing files in directories searched first), it might be able to exploit the vulnerability.

Container Escape Potential: If the malicious DLL is loaded by a privileged process (e.g., one running as SYSTEM or with elevated rights), it could lead to privilege escalation or container escape.

Remark (limited by container isolation): If the container runs with strict isolation and without elevated privileges or GPU access, the risk is significantly lower, but not zero — especially if the container can manipulate the environment in which the vulnerable driver operates.

To reduce risk (remedy):

Update the NVIDIA driver — Ensure the host is running a patched version that addresses CVE-2025-23309.

Restrict container privileges — Avoid running containers with elevated privileges or access to host directories.

Use absolute paths in DLL loading — If developing software inside containers, always use secure DLL loading practices.

Monitor container file systems — Prevent unauthorized DLLs from being placed in sensitive directories.
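As an added example (not code from the original post or from NVIDIA's driver), here is the loader pattern behind the "use absolute paths" remedy, contrasted with the bare-name call that walks the search order listed above. The names `is_bare_dll_name`, `build_system32_path`, `load_from_system32` and the DLL name `example.dll` are hypothetical; the path validation compiles anywhere, while the loader itself is compiled only on Windows.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive check that the name ends in ".dll". */
static bool has_dll_suffix(const char *name) {
    size_t n = strlen(name);
    if (n <= 4) return false;
    const char *s = name + n - 4;
    return s[0] == '.' && tolower((unsigned char)s[1]) == 'd' &&
           tolower((unsigned char)s[2]) == 'l' && tolower((unsigned char)s[3]) == 'l';
}
/* Accept only a bare file name: any separator, drive letter or ".." would let
 * a caller-controlled string steer the load outside the intended directory. */
bool is_bare_dll_name(const char *name) {
    if (name == NULL || *name == '\0') return false;
    if (strpbrk(name, "\\/:") != NULL || strstr(name, "..") != NULL) return false;
    return has_dll_suffix(name);
}
/* Build "<system_dir>\<name>"; fails on an unsafe name or a truncated result. */
bool build_system32_path(const char *system_dir, const char *name,
                         char *out, size_t outlen) {
    if (system_dir == NULL || !is_bare_dll_name(name)) return false;
    int w = snprintf(out, outlen, "%s\\%s", system_dir, name);
    return w > 0 && (size_t)w < outlen;
}
#ifdef _WIN32
#include <windows.h>
/* Hardened loader. The insecure form is LoadLibraryA(name), which walks the
 * search order above (application directory, System32, ..., CWD, PATH).
 * Here the path is absolute, and LOAD_LIBRARY_SEARCH_SYSTEM32 confines the
 * search for the DLL's own dependencies to System32 as well. */
HMODULE load_from_system32(const char *name) {
    char sysdir[MAX_PATH], full[MAX_PATH];
    if (GetSystemDirectoryA(sysdir, sizeof sysdir) == 0) return NULL;
    if (!build_system32_path(sysdir, name, full, sizeof full)) return NULL;
    return LoadLibraryExA(full, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
}
#endif
int main(void) {
    char full[260];
    /* Constructed stand-in for the value GetSystemDirectory returns on a real host. */
    const char *sysdir = "C:\\Windows\\System32";
    printf("%s\n", build_system32_path(sysdir, "example.dll", full, sizeof full) ? full : "rejected");
    printf("%s\n", build_system32_path(sysdir, "..\\other.dll", full, sizeof full) ? full : "rejected");
    return 0;
}
```

Calling SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32) once at startup applies the same restriction to every later LoadLibrary call in the process.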

Official announcement: Please see the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5703
