It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root user. (CVE-2022-29500) It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket in the host. An attacker could possibly use this issue to execute arbitrary code as the root user. (CVE-2022-29501) It was discovered that Slurm did not properly handle validation logic when processing input and output data with the srun client, which could lead to the interception of process I/O. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-29502)
Continue reading...
Continue reading...
