XPixelGroup BasicSR Arbitrary Code Execution Vulnerability via SLURM_NODELIST Environment Variable

A vulnerability allowing arbitrary code execution has been identified in XPixelGroup BasicSR versions through 1.4.2. This issue arises in the 'init_dist_slurm' function, where the 'scontrol show hostname' command is executed using a crafted 'SLURM_NODELIST' environment variable. The vulnerability is rooted in inadequate input validation of environment variables utilized for setting up CUDA devices, potentially allowing local attackers to execute malicious code within the application's context.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, with possible consequences including privilege escalation, unauthorized access, or a denial-of-service condition.

Reproduction

To reproduce this vulnerability, set the 'SLURM_NODELIST' environment variable with crafted input that could be exploited. Then, execute the 'scontrol show hostname' command within the 'init_dist_slurm' function of the BasicSR application. The maliciously crafted 'SLURM_NODELIST' input will be processed without proper validation, allowing for arbitrary code execution.

Remediation

Users are advised to update to the latest version of BasicSR, where this vulnerability has been patched. Additionally, implement strict input validation and sanitization for environment variables, particularly those sourced from external commands or user inputs.