CVE-2022-21820 — Improper Input Validation in Nvidia Data Center GPU Manager

CWE-20 — Improper Input Validation CWE-755 — Improper Handling of Exceptional Conditions CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.3MEDIUMNVD

EPSS

1.2%

top 20.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Data Center GPU Manager Nvidia Data Center GPU Manager

Timeline

PublishedMar 24

Latest updateMar 25

Description

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶NVDnvidia/data_center_gpu_manager< 2.3.5

▶CVEListV5nvidia/nvidia_data_center_gpu_managerAll versions prior to 2.3.4

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-rqg9-g4fr-3cfj: NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to l↗2022-03-25

▶

CVEList

CVE-2022-21820: NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to l↗2022-03-24

▶