Home / mailingsPDF  

[USN-8197-1] Slurm vulnerability

Posted on 23 April 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8197-1
April 22, 2026

slurm-llnl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Slurm could be made to send data to an arbitrary unix socket on the host.

Software Description:
- slurm-llnl: Simple Linux Utility for Resource Management

Details:

It was discovered that Slurm did not properly handle access control when
dealing with RPC traffic through PMI2 and PMIx, which could allow an
unprivileged user to send data to an arbitrary unix socket on the host.
An attacker could possibly use this issue to execute arbitrary code as
the root user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
libpam-slurm 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
libpmi0 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
libpmi2-0 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
libslurm32 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
libslurmdb32 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
slurm-client 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
slurm-wlm 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
slurmctld 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
slurmd 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro
slurmdbd 17.11.2-1ubuntu0.1~esm5
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libpam-slurm 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
libpmi0 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
libslurm29 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
libslurmdb29 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
slurm-client 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
slurm-llnl 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
slurm-wlm 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
slurmctld 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
slurmd 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro
slurmdbd 15.08.7-1ubuntu0.1~esm6
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libpam-slurm 2.6.5-1ubuntu0.1~esm7
Available with Ubuntu Pro
libpmi0 2.6.5-1ubuntu0.1~esm7
Available with Ubuntu Pro
libslurm26 2.6.5-1ubuntu0.1~esm7
Available with Ubuntu Pro
libslurmdb26 2.6.5-1ubuntu0.1~esm7
Available with Ubuntu Pro
slurm-llnl 2.6.5-1ubuntu0.1~esm7
Available with Ubuntu Pro

After a standard system update you need to restart Slurm to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-8197-1
CVE-2022-29501

--===============7443665268533367734==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :