Main Vulnerability Database Vulnerabilities #VU55645

Code Injection in NVIDIA Data Center GPU Manager (DCGM) - CVE-2021-34398

Published: August 8, 2021

Vulnerability identifier: #VU55645

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-34398

CWE-ID: CWE-94

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
NVIDIA Data Center GPU Manager (DCGM)

Software vendor:
nVidia

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root. A local user can inject and execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5219

Code Injection in NVIDIA Data Center GPU Manager (DCGM) - CVE-2021-34398

Description

Remediation

External links

Please verify you're human