Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5219
HistoryAug 06, 2021 - 12:00 a.m.

Security Bulletin: NVIDIA DCGM - August 2021

2021-08-0600:00:00
nvidia.custhelp.com
7

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

NVIDIA has released a software update for NVIDIA® Data Center GPU Manager (DCGM). The update addresses security issues that may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service. To protect your system, download and install the latest DCGM release from the CUDA repositories. Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

CVE ID Description Base Score Vector
CVE‑2021‑34398 NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

CVE IDs Addressed Software Product Operating System Affected Versions Updated Version
CVE‑2021‑34398 DCGM Linux DCGM versions up to and including 2.2.8 DCGM 2.2.9

Notes

  • Earlier software branch releases that support this product are also affected. If you are using an earlier branch release, upgrade to the latest branch release.

Mitigations

See Security Updates for the version to install.

Related

cve 1
cvelist 1
nvd 1
prion 1
cve
cve
CVE-2021-34398
2021-08-13 16:15:07
cvelist
cvelist
CVE-2021-34398
2021-08-13 15:42:02
nvd
nvd
CVE-2021-34398
2021-08-13 16:15:07
prion
prion
Design/Logic Flaw
2021-08-13 16:15:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for NVIDIA:5219
cve1cvelist1nvd1prion1