CVE-2021-34398
HIGHNVIDIA Data Center GPU Manager < 2.2.9 - Privilege Escalation via DIAG Module Shared Library Injection
Title source: llmDescription
NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://nvidia.custhelp.com/app/answers/detail/a_id/5219
Scores
CVSS v3
7.8
EPSS
0.0026
EPSS Percentile
17.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-829
Status
published
Products (1)
nvidia/data_center_gpu_manager
< 2.2.9
Published
Aug 13, 2021
Tracked Since
Feb 18, 2026