CVE-2022-21820

MEDIUM

Nvidia Data Center Gpu Manager < 2.3.5 - Out-of-Bounds Write

Title source: rule

Description

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html

[Patch, Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5328

Scores

CVSS v3 6.3

EPSS 0.0121

EPSS Percentile 78.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-755 CWE-20 CWE-787

Status published

Affected Products (1)

nvidia/data_center_gpu_manager < 2.3.5

Timeline

Published Mar 24, 2022

Tracked Since Feb 18, 2026