Ubuntu 22.04 LTS / 24.04 LTS : Slurm vulnerabilities (USN-8236-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8236-1 advisory. It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify fil...

CVE-2025-43904

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...

CVE-2025-43904

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...

EUVD-2020-24211

Malware in sbrugna...

EUVD-2019-9329

Malware in sbrugna...

EUVD-2009-2080

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-19728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. CVE-2019-19728 Note that Nessus relies on the presence of th...

DEBIAN-CVE-2023-49938

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7...

DEBIAN-CVE-2023-49936

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1...

PT-2023-28164 · Schedmd +2 · Slurm +2

Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 23.02.x through 23.02.5 SchedMD Slurm versions 22.05.x through 22.05.9 Description: The issue allows filesystem race conditions, which can be exploited to gain ownership of a file, overwrite a file, or delete files...

SUSE CVE-2016-10030

The prologerror function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on th...

SUSE-SU-2022:3454-1 Security update for slurm_18_08

This update for slurm1808 fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package bsc1201674. - CVE-2022-29500: Fixed an architectural flaw can be exploited to allow an unprivileged user to execute arbitrary processes as root bsc1199278. -...

CVE-2022-31251

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3...

Remote Code Execution

SchedMD Slurm is vulnerable to remote code execution. An attacker is able to execute arbitrary code remotely as SlurmUser due to the use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling...

SUSE SLES15 Security Update : slurm (SUSE-SU-2021:1855-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:1855-1 advisory. - SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or...

The vulnerability of the Slurm resource manager, related to improper handling of the SPANK environment variable, allows a perpetrator to escalate their privileges.

The vulnerability of the Slurm resource manager is related to incorrect processing of the SPANK environment variable. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level when executing Prolog or Epilog scripts...

CVE-2009-2084

Simple Linux Utility for Resource Management SLURM 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking 1 sbcast from the slurmd daemon or 2 strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges...