Severity
High
Analysis Summary
CVE-2021-34398
NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.
Impact
- Privilege Escalation
- Denial of Service
Affected Vendors
NVIDIA
Affected Products
- DCGM versions up to and including 2.2.8
Remediation
Refer to vendor’s advisory for the list of upgraded patches.