CVE-2020-27746 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Affected Products (NVD)

Vendor	Product	Version
schedmd	slurm	𝑥 < 19.05.8
schedmd	slurm	20.0.0 ≤ 𝑥 < 20.02.6
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

slurm-wlm

bookworm	22.05.8-4+deb12u2 fixed
bookworm (security)	22.05.8-4+deb12u2 fixed
bullseye	20.11.7+really20.11.4-2+deb11u1 fixed
bullseye (security)	20.11.7+really20.11.4-2+deb11u1 fixed
sid	24.05.2-1 fixed
stretch	not-affected
trixie	24.05.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

slurm-llnl

bionic	Fixed 17.11.2-1ubuntu0.1~esm4 released
focal	Fixed 19.05.5-1ubuntu0.1~esm1 released
groovy	ignored
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://www.debian.org/security/2021/dsa-4841

https://www.schedmd.com/news.php

https://www.debian.org/security/2021/dsa-4841

https://www.schedmd.com/news.php