Auto-merge PR#2636

2025-08-04 08:44:25 +00:00 · 2021-08-24 06:30:11 -04:00 · 2021-08-24 06:30:11 -04:00 · 943bc3211a
commit 943bc3211a
parent 1401ef37b6 e1710ea98c
1 changed files with 68 additions and 61 deletions
--- a/2021/34xxx/CVE-2021-34398.json
+++ b/2021/34xxx/CVE-2021-34398.json
@ -1,62 +1,69 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-34398",
-        "ASSIGNER": "psirt@nvidia.com",
-        "STATE": "PUBLIC"
-    },
-    "affects": {
-        "vendor": {
-            "vendor_data": [
-                {
-                    "vendor_name": "n/a",
-                    "product": {
-                        "product_data": [
-                            {
-                                "product_name": "NVIDIA Data Center GPU Manager",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_value": "DCGM versions up to and including 2.2.8"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    }
-                }
-            ]
-        }
-    },
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "CWE-427: Uncontrolled Search Path Element"
-                    }
-                ]
-            }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "refsource": "MISC",
-                "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5219",
-                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5219"
-            }
-        ]
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service"
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "psirt@nvidia.com",
+		"ID" : "CVE-2021-34398",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "NVIDIA Data Center GPU Manager (DCGM)",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "DCGM versions prior to 2.2.9"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "NVIDIA"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service."
+			}
+		]
+	},
+	"impact" : {
+		"cvss" : {
+			"baseScore" : 7.8,
+			"baseSeverity" : "High",
+			"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+			"version" : "3.1"
+		}
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "information disclosure, denial of service, loss of integrity"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"refsource" : "CONFIRM",
+				"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5219"
+			}
+		]
+	}
+}