[USN-8236-1] Slurm vulnerabilities

Wed, 06 May 2026 23:38:27 -0700 

==========================================================================
Ubuntu Security Notice USN-8236-1
May 06, 2026

slurm-wlm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Slurm.

Software Description:
- slurm-wlm: Simple Linux Utility for Resource Management

Details:

It was discovered that Slurm did not correctly handle certain file system
operations. An attacker could possibly use this issue to modify files or
leak sensitive information. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-41914)

Ryan Hall discovered that Slurm did not correctly enforce certain message
integrity checks. An attacker could possibly use this issue to bypass
integrity checks. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-49933)

Ryan Hall discovered that Slurm did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-49937)

Ryan Hall discovered that Slurm did not correctly handle certain access
control mechanisms. An attacker could possibly use this issue to modify
files or leak sensitive information. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-49938)

It was discovered that Slurm did not correctly handle user promotion. An
attacker could possibly use this issue to promote themselves to an
administrator. (CVE-2025-43904)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libpam-slurm                    23.11.4-1.2ubuntu5+esm1
                                  Available with Ubuntu Pro
  libpam-slurm-dev                23.11.4-1.2ubuntu5+esm1
                                  Available with Ubuntu Pro
  libslurm-dev                    23.11.4-1.2ubuntu5+esm1
                                  Available with Ubuntu Pro
  slurm-wlm                       23.11.4-1.2ubuntu5+esm1
                                  Available with Ubuntu Pro
  slurmctld                       23.11.4-1.2ubuntu5+esm1
                                  Available with Ubuntu Pro
  slurmd                          23.11.4-1.2ubuntu5+esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libpam-slurm                    21.08.5-2ubuntu1+esm2
                                  Available with Ubuntu Pro
  libslurm-dev                    21.08.5-2ubuntu1+esm2
                                  Available with Ubuntu Pro
  slurm-wlm                       21.08.5-2ubuntu1+esm2
                                  Available with Ubuntu Pro
  slurmctld                       21.08.5-2ubuntu1+esm2
                                  Available with Ubuntu Pro
  slurmd                          21.08.5-2ubuntu1+esm2
                                  Available with Ubuntu Pro

After a standard system update you need to restart Slurm to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8236-1
  CVE-2023-41914, CVE-2023-49933, CVE-2023-49937, CVE-2023-49938,
  CVE-2025-43904

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to