CVE-2022-21820 Vulnerability Details

  /     /     /  

CVE-2022-21820 Metadata Quick Info

CVE Published: 24/03/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: nvidia | Vendor: NVIDIA | Product: NVIDIA Data Center GPU Manager
Status : PUBLISHED

---

CVE-2022-21820 Description

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.

Metrics

CVSS Version: 3.1 | Base Score: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20 Improper Input Validation
Source: NVIDIA

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).