cvelist/2022/21xxx/CVE-2022-21820.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "ID": "CVE-2022-21820",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "NVIDIA Data Center GPU Manager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "All versions prior to 2.3.4"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "NVIDIA"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity."
            }
        ]
    },
    "impact": {
        "cvss": {
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-20 Improper Input Validation"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5328",
                "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5328"
            },
            {
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html",
                "url": "http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html"
            }
        ]
    }
}
"-Synchronized-Data." 2021-12-10 15:01:07 +00:00			`{`
			`"CVE_data_meta": {`
CVE-2022-21820 - DCGM CVE CVE-2022-21820 - DCGM CVE 2022-03-24 11:58:44 -05:00			`"ASSIGNER": "psirt@nvidia.com",`
"-Synchronized-Data." 2021-12-10 15:01:07 +00:00			`"ID": "CVE-2022-21820",`
CVE-2022-21820 - DCGM CVE CVE-2022-21820 - DCGM CVE 2022-03-24 11:58:44 -05:00			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "NVIDIA Data Center GPU Manager",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "All versions prior to 2.3.4"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "NVIDIA"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2021-12-10 15:01:07 +00:00			`},`
CVE-2022-21820 - DCGM CVE CVE-2022-21820 - DCGM CVE 2022-03-24 11:58:44 -05:00			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-12-10 15:01:07 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
CVE-2022-21820 - DCGM CVE CVE-2022-21820 - DCGM CVE 2022-03-24 11:58:44 -05:00			`"value": "NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity."`
"-Synchronized-Data." 2021-12-10 15:01:07 +00:00			`}`
			`]`
CVE-2022-21820 - DCGM CVE CVE-2022-21820 - DCGM CVE 2022-03-24 11:58:44 -05:00			`},`
			`"impact": {`
			`"cvss": {`
"-Synchronized-Data." 2022-03-24 18:01:25 +00:00			`"baseScore": 6.3,`
			`"baseSeverity": "Medium",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",`
			`"version": "3.1"`
			`}`
CVE-2022-21820 - DCGM CVE CVE-2022-21820 - DCGM CVE 2022-03-24 11:58:44 -05:00			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-20 Improper Input Validation"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-03-24 18:01:25 +00:00			`"refsource": "MISC",`
			`"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5328",`
			`"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5328"`
"-Synchronized-Data." 2022-06-03 18:01:32 +00:00			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html",`
			`"url": "http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html"`
"-Synchronized-Data." 2022-03-24 18:01:25 +00:00			`}`
CVE-2022-21820 - DCGM CVE CVE-2022-21820 - DCGM CVE 2022-03-24 11:58:44 -05:00			`]`
"-Synchronized-Data." 2021-12-10 15:01:07 +00:00			`}`
"-Synchronized-Data." 2022-03-24 18:01:25 +00:00			`}`