{ "id": "CVE-2022-21820", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-03-24T17:15:08.230", "lastModified": "2024-11-21T06:45:29.963", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity." }, { "lang": "es", "value": "NVIDIA DCGM contiene una vulnerabilidad en nvhostengine, donde un usuario de la red puede causar la detecci\u00f3n de condiciones de error sin acci\u00f3n, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo limitada, alguna denegaci\u00f3n de servicio, escalada de privilegios e impactos limitados en la confidencialidad e integridad de los datos" } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@nvidia.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW" }, "exploitabilityScore": 2.8, "impactScore": 3.4 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW" }, "exploitabilityScore": 2.8, "impactScore": 3.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "psirt@nvidia.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-20" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-755" }, { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:nvidia:data_center_gpu_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.5", "matchCriteriaId": "C5A835CD-84D4-4814-B2C3-5FF2E4551F9F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html", "source": "psirt@nvidia.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5328", "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5328", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] } ] }