CVE-2022-21820

MEDIUM

Nvidia Data Center Gpu Manager < 2.3.5 - Out-of-Bounds Write

Title source: rule

Description

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.

References (2)

[Patch, Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5328

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html

Scores

CVSS v3 6.3

EPSS 0.0121

EPSS Percentile 79.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-755 CWE-20 CWE-787

Status published

Products (1)

nvidia/data_center_gpu_manager < 2.3.5

Published Mar 24, 2022

Tracked Since Feb 18, 2026