CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0208
https://notcve.org/view.php?id=CVE-2023-0208
NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5453 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-21820 – NVIDIA Data Center GPU Manager Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2022-21820
NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. NVIDIA DCGM contiene una vulnerabilidad en nvhostengine, donde un usuario de la red puede causar la detección de condiciones de error sin acción, lo que puede conllevar a una ejecución de código limitada, alguna denegación de servicio, escalada de privilegios e impactos limitados en la confidencialidad e integridad de los datos NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopback interface, but can also listen on the network for requests coming in on port 5555 (remote mgmt). A native client named DCGMI allows users to make requests to the daemon to support a variety of functions. Malformed packets can cause the daemon (running as root or user account) to crash or potentially result in code execution. Versions less than 2.3.5 are affected. • http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html https://nvidia.custhelp.com/app/answers/detail/a_id/5328 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34398
https://notcve.org/view.php?id=CVE-2021-34398
NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service. NVIDIA DCGM, en todas las versiones anteriores a la versión 2.2.9, contiene una vulnerabilidad en el módulo DIAG por la que cualquier usuario puede inyectar bibliotecas compartidas en el servidor DCGM, que normalmente es ejecutado como root, que puede conllevar a una escalada de privilegios, la pérdida total de la confidencialidad e integridad y la denegación completa del servicio. • https://nvidia.custhelp.com/app/answers/detail/a_id/5219 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •