CVE-2021-34398

Name of the Vulnerable Software and Affected Versions: NVIDIA DCGM versions prior to 2.2.9

Description: The issue concerns a vulnerability in the DIAG module of NVIDIA DCGM, where any user can inject shared libraries into the DCGM server, typically running as root. This may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.

Recommendations: For versions prior to 2.2.9, update to version 2.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the DIAG module to minimize the risk of exploitation.