Main Vulnerability Database SB2023112720

SB2023112720 - SUSE update for slurm_22_05

Published: November 27, 2023

Security Bulletin ID SB2023112720

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Race condition (CVE-ID: CVE-2023-41914)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the slurmd/slurmstepd processes. A local user can exploit the race and gain take ownership of an arbitrary file on the system.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20234580-1/

Vulnerable Software

SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
slurm_22_05-plugins: before 22.05.10-150200.5.6.1
libslurm38: before 22.05.10-150200.5.6.1
slurm_22_05-auth-none: before 22.05.10-150200.5.6.1
slurm_22_05-sql-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-torque: before 22.05.10-150200.5.6.1
slurm_22_05-lua-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-devel: before 22.05.10-150200.5.6.1
libslurm38-debuginfo: before 22.05.10-150200.5.6.1
libnss_slurm2_22_05: before 22.05.10-150200.5.6.1
slurm_22_05-munge-debuginfo: before 22.05.10-150200.5.6.1
libpmi0_22_05-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-sview-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-sview: before 22.05.10-150200.5.6.1
slurm_22_05-torque-debuginfo: before 22.05.10-150200.5.6.1
perl-slurm_22_05: before 22.05.10-150200.5.6.1
slurm_22_05-doc: before 22.05.10-150200.5.6.1
slurm_22_05-config: before 22.05.10-150200.5.6.1
slurm_22_05-webdoc: before 22.05.10-150200.5.6.1
slurm_22_05-config-man: before 22.05.10-150200.5.6.1
slurm_22_05-pam_slurm-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-debugsource: before 22.05.10-150200.5.6.1
slurm_22_05-pam_slurm: before 22.05.10-150200.5.6.1
slurm_22_05-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-node-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-node: before 22.05.10-150200.5.6.1
slurm_22_05: before 22.05.10-150200.5.6.1
slurm_22_05-lua: before 22.05.10-150200.5.6.1
slurm_22_05-slurmdbd-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-rest: before 22.05.10-150200.5.6.1
perl-slurm_22_05-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-sql: before 22.05.10-150200.5.6.1
libnss_slurm2_22_05-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-rest-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-slurmdbd: before 22.05.10-150200.5.6.1
slurm_22_05-munge: before 22.05.10-150200.5.6.1
slurm_22_05-auth-none-debuginfo: before 22.05.10-150200.5.6.1
slurm_22_05-plugins-debuginfo: before 22.05.10-150200.5.6.1
libpmi0_22_05: before 22.05.10-150200.5.6.1

SB2023112720 - SUSE update for slurm_22_05

Breakdown by Severity

Description

Remediation

References

Please verify you're human