@aydinnyunus
Last active March 10, 2025 19:26
CVE-2024-27763

Vulnerability Report: Execution of Arbitrary Code via scontrol show hostname Command in BasicSR

Vulnerability Overview: An issue has been identified in BasicSR version 1.4.2 and earlier versions, maintained by XPixelGroup, which allows a local attacker to execute arbitrary code through the scontrol show hostname command within the init_dist_slurm function. This vulnerability exists due to insufficient input validation in handling environment variables used for CUDA device setup.

Vulnerability Details:

  • CVE-ID: CVE-2024-27763
  • CVSS Score: (Pending assessment)
  • Impact: Local attackers can exploit this vulnerability to execute arbitrary code within the context of the application, potentially leading to unauthorized access, privilege escalation, or denial of service.

Affected Versions:

  • BasicSR versions 1.4.2 and earlier.

Vulnerability Description: The vulnerability arises from the following code snippet located in basicsr/utils/dist_util.py:

```python
proc_id = int(os.environ['SLURM_PROCID'])
ntasks = int(os.environ['SLURM_NTASKS'])
node_list = os.environ['SLURM_NODELIST']
num_gpus = torch.cuda.device_count()
torch.cuda.set_device(proc_id % num_gpus)
addr = subprocess.getoutput(f'scontrol show hostname {node_list} | head -n1')
```

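The scontrol show hostname {node_list} command retrieves the hostname from the SLURM controller based on the SLURM_NODELIST environment variable. Because node_list is interpolated into the command string without validation, and subprocess.getoutput passes that string to the shell, shell metacharacters in SLURM_NODELIST are interpreted by the shell, allowing for potential command injection if node_list contains maliciously crafted input. The retrieved hostname is then used in subsequent operations without proper validation.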

Mitigation: To mitigate this vulnerability, it is recommended to:

  • Input Validation: Implement strict input validation and sanitization of environment variables, especially those derived from external commands or user-controlled inputs.
  • Command Execution Safeguards: Avoid using unvalidated inputs directly in command execution functions like subprocess.getoutput.
  • Update: Upgrade to the latest version of BasicSR where this vulnerability has been patched.
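
The first two mitigations can be combined as in the following added example, which is not BasicSR's own patch and not code from the original report. The helper names `validate_nodelist` and `first_hostname`, the injectable `run` parameter, and the character allowlist for Slurm hostlist expressions are assumptions made for illustration.

```python
import re
import subprocess

# Assumption: Slurm hostlist expressions such as "node[01-04,07],gpu-a1" use only
# these characters. Anything else (spaces, ;, |, $, backticks, ...) is rejected.
_HOSTLIST_RE = re.compile(r"[A-Za-z0-9._\-\[\],]+")


def validate_nodelist(node_list):
    """Return node_list unchanged if it looks like a hostlist, else raise ValueError."""
    # A leading "-" is refused so the value cannot be read as a command-line option.
    if not _HOSTLIST_RE.fullmatch(node_list) or node_list.startswith("-"):
        raise ValueError(f"unexpected characters in SLURM_NODELIST: {node_list!r}")
    return node_list


def first_hostname(node_list, run=subprocess.run):
    """Resolve the first host of node_list without going through a shell.

    `run` is injectable (hypothetical parameter) so the function can be
    exercised on a machine that has no Slurm installation.
    """
    argv = ["scontrol", "show", "hostname", validate_nodelist(node_list)]
    # Argument list with the default shell=False: node_list is one argv entry
    # and is never parsed by a shell.
    result = run(argv, capture_output=True, text=True, check=True)
    lines = result.stdout.splitlines()
    if not lines:
        raise RuntimeError("scontrol returned no hostnames")
    return lines[0].strip()  # replaces the `| head -n1` pipeline


if __name__ == "__main__":
    # Constructed stand-in for scontrol so the demo runs offline.
    def fake_run(argv, **kwargs):
        return subprocess.CompletedProcess(argv, 0, stdout="node01\nnode02\n", stderr="")

    print(first_hostname("node[01-02]", run=fake_run))
    try:
        first_hostname("node01;echo injected", run=fake_run)
    except ValueError as exc:
        print("rejected:", exc)
```
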

This report outlines the critical vulnerability present in BasicSR versions 1.4.2 and earlier, providing guidance on mitigation and updating affected systems.