Main Vulnerability Database SB20231018135

SB20231018135 - SUSE update for slurm

Published: October 18, 2023

Security Bulletin ID SB20231018135

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Race condition (CVE-ID: CVE-2023-41914)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the slurmd/slurmstepd processes. A local user can exploit the race and gain take ownership of an arbitrary file on the system.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20234118-1/

Vulnerable Software

SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15: SP1
slurm_20_02-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-config: before 20.02.7-150100.3.27.1
slurm_20_02-lua-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-doc: before 20.02.7-150100.3.27.1
slurm_20_02-pam_slurm: before 20.02.7-150100.3.27.1
slurm_20_02-lua: before 20.02.7-150100.3.27.1
slurm_20_02-pam_slurm-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-sql-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-munge-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-plugins: before 20.02.7-150100.3.27.1
libnss_slurm2_20_02-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-debugsource: before 20.02.7-150100.3.27.1
libslurm35: before 20.02.7-150100.3.27.1
slurm_20_02-sview-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-slurmdbd-debuginfo: before 20.02.7-150100.3.27.1
perl-slurm_20_02: before 20.02.7-150100.3.27.1
slurm_20_02-torque-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-node-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-munge: before 20.02.7-150100.3.27.1
libslurm35-debuginfo: before 20.02.7-150100.3.27.1
libpmi0_20_02-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-plugins-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-config-man: before 20.02.7-150100.3.27.1
slurm_20_02-sql: before 20.02.7-150100.3.27.1
slurm_20_02-torque: before 20.02.7-150100.3.27.1
slurm_20_02-auth-none-debuginfo: before 20.02.7-150100.3.27.1
libpmi0_20_02: before 20.02.7-150100.3.27.1
slurm_20_02-sview: before 20.02.7-150100.3.27.1
slurm_20_02-devel: before 20.02.7-150100.3.27.1
slurm_20_02-auth-none: before 20.02.7-150100.3.27.1
perl-slurm_20_02-debuginfo: before 20.02.7-150100.3.27.1
slurm_20_02-node: before 20.02.7-150100.3.27.1
libnss_slurm2_20_02: before 20.02.7-150100.3.27.1
slurm_20_02-webdoc: before 20.02.7-150100.3.27.1
slurm_20_02: before 20.02.7-150100.3.27.1
slurm_20_02-slurmdbd: before 20.02.7-150100.3.27.1