CVE-2021-34398

HIGH

7.8

Description

NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie8/13/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

nvidia:data_center_gpu_manager

Faiblesses (CWE)

CWE-829

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5219(psirt@nvidia.com)

https://nvidia.custhelp.com/app/answers/detail/a_id/5219(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.