CVE-2021-34398

Опубликовано: 13 авг. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.

Ссылки

https://nvidia.custhelp.com/app/answers/detail/a_id/5219
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5219
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nvidia:data_center_gpu_manager:*:*:*:*:*:*:*:*

Версия до 2.2.9 (исключая)

EPSS

Процентиль: 11%

0.00038

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-829

Связанные уязвимости

GHSA-wwx8-c8jc-fh33

github

больше 3 лет назад

NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service