First published: Mon Oct 30 2023
It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root user. (CVE-2022-29500)

It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary Unix socket in the host. An attacker could possibly use this issue to execute arbitrary code as the root user. (CVE-2022-29501)

It was discovered that Slurm did not properly handle validation logic when processing input and output data with the srun client, which could lead to the interception of process I/O. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-29502)

Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/libpam-slurm | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/libpmi0 | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/libpmi2-0 | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/libslurm-perl | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/libslurm37 | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/libslurmdb-perl | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/slurm-client | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/slurm-wlm | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/slurm-wlm-basic-plugins | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/slurmctld | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/slurmd | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/slurmdbd | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/slurmrestd | 22.04 | <21.08.5-2ubuntu1+esm1 | 21.08.5-2ubuntu1+esm1 |
ubuntu/libpam-slurm | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/libpmi0 | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/libpmi2-0 | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/libslurm-perl | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/libslurm34 | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/libslurmdb-perl | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/slurm-client | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/slurm-wlm | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/slurm-wlm-basic-plugins | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/slurmctld | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/slurmd | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |
ubuntu/slurmdbd | 20.04 | <19.05.5-1ubuntu0.1~esm2 | 19.05.5-1ubuntu0.1~esm2 |

The vulnerability ID for this Slurm vulnerability is CVE-2022-29500.
The severity of CVE-2022-29500 is not specified in the information provided.
The affected software for CVE-2022-29500 includes libpam-slurm, libpmi0, libpmi2-0, libslurm-perl, libslurm37, libslurmdb-perl, slurm-client, slurm-wlm, slurm-wlm-basic-plugins, slurmctld, slurmd, slurmdbd, and slurmrestd.
To fix CVE-2022-29500, update the affected software to version 21.08.5-2ubuntu1+esm1 or later on Ubuntu 22.04, or to version 19.05.5-1ubuntu0.1~esm2 or later on Ubuntu 20.04.
More information about CVE-2022-29500 can be found at the following reference: https://ubuntu.com/security/CVE-2022-29500.