AVID-2026-R0956

Description

Vulnerability CVE-2022-21820

Details

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.

Reason for inclusion in AVID: CVE-2022-21820 describes a remote memory corruption vulnerability in NVIDIA Data Center GPU Manager (DCGM) nvhostengine that can lead to limited code execution, denial of service, privilege escalation, and impacts to confidentiality and integrity. DCGM is a software component used to manage NVIDIA GPUs in data-center AI workloads, making it AI-related and part of the software stack used to build/train/deploy AI systems. It concerns software supply chain elements (management/runtime components used in AI deployments). The vulnerability is clearly CVE-listed with explicit security impacts. Therefore, it satisfies the AVID criteria for an AI-supply-chain vulnerability with sufficient evidence.

References

• NVD entry
• https://nvidia.custhelp.com/app/answers/detail/a_id/5328
• http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html

Affected or Relevant Artifacts

• Developer: NVIDIA
• Deployer: NVIDIA
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-03-24
• Version: 0.3.3
• AVID Entry