Cisco Talos’ Vulnerability Research team has helped to disclose and patch six new vulnerabilities over the past three weeks, including one in a driver that powers certain NVIDIA graphics cards.
The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. The most serious of these issues has a CVSS score of 9.6 out of 10.
All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
Out-of-bounds read vulnerability in NVIDIA GPU Compiler Driver
Discovered by Piotr Bania.
A compiler driver in some NVIDIA graphics cards contains an out-of-bounds read vulnerability that could allow an adversary to read an arbitrary memory region.
An adversary could exploit TALOS-2024-1956 (CVE-2024-0107) by sending a targeted device a specially crafted executable/shader file, leading to an out-of-bounds read.
This vulnerability could be triggered from guest machines running virtualization environments to perform a guest-to-host escape — as previously demonstrated in other GPU vulnerabilities like TALOS-2018-0533.
Talos researchers were able to trigger this vulnerability from a Hyper-V guest using the RemoteFX feature, which led to being able to execute the vulnerable code on the Hyper-V host. While Microsoft has deprecated RemoteFX, this feature may still be present in older versions of the Windows operating system.
Multiple vulnerabilities in Ankitects Anki flashcard software
Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B.
The Ankitects Anki flashcard software contains multiple vulnerabilities, one of which could lead to arbitrary code execution. This open-source tool allows users to create and share flashcards to study information.
An adversary could exploit all these vulnerabilities by sharing a specially crafted, malicious flashcard with a targeted user.
TALOS-2024-1994 (CVE-2024-32152) could lead to the creation of an arbitrary file along a fixed path. This vulnerability exists because a malicious user could manipulate a blocklist that normally prevents the use of certain malicious commands.
TALOS-2024-1992 (CVE-2024-29073) also involves manipulating the command blocklist, but in this case, could lead to arbitrary file read.
An adversary could also exploit TALOS-2024-1995 (CVE-2024-32484), a cross-site scripting vulnerability, in the software to inject JavaScript code into a flashcard and read a normally inaccessible file.
The most serious among this group of vulnerabilities is TALOS-2024-1993 (CVE-2024-26020), a script injection vulnerability that could lead to arbitrary code execution. This vulnerability has a CVSS score of 9.6 out of 10. In Talos’ testing, researchers could exploit this vulnerability to obtain full command injection on the targeted user’s system.