I’m trying to understand the release and patching strategy for NVIDIA’s Ubuntu-based CUDA images, specifically the cudnn-runtime variants.
From reviewing the Docker Hub tags (nvidia/cuda), it appears that new image versions are typically released every couple of months. However, I would like to confirm if there’s a defined release cadence for these updates.
In particular, I’m interested in how vulnerabilities in the Ubuntu base image are handled. For example, the image nvidia/cuda:12.9.0-cudnn-runtime-ubuntu24.04 is currently available, but when scanned with common vulnerability scanning tools, it shows multiple medium and low severity issues inherited from the base image.
Could you please clarify:
- How frequently are base image vulnerabilities addressed in the cudnn-runtime Ubuntu images?
- Is there a schedule or trigger for rebuilding and republishing images with patched base layers?
- What is the best practice for consumers to stay updated on security fixes in these images?
This information would help us make informed decisions about using and maintaining Ubuntu-based CUDA images in our environments.
Thanks in advance!