CVE-2022-29501

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
schedmdslurm
𝑥
< 20.11.9
schedmdslurm
21.08.0 ≤
𝑥
< 21.08.08
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
slurm-wlm
bullseye (security)
20.11.7+really20.11.4-2+deb11u1
fixed
bullseye
20.11.7+really20.11.4-2+deb11u1
fixed
buster
no-dsa
bookworm
22.05.8-4+deb12u2
fixed
bookworm (security)
22.05.8-4+deb12u2
fixed
sid
24.05.2-1
fixed
trixie
24.05.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
slurm-llnl
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
focal
Fixed 19.05.5-1ubuntu0.1~esm2
released
bionic
needed
xenial
needed
trusty
needed
slurm-wlm
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
ignored
jammy
Fixed 21.08.5-2ubuntu1+esm1
released
impish
ignored
focal
dne
bionic
dne
trusty
dne
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6B7OWVNVCJUDE6VDWGCBUWMRCRETAO3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YBI4NFDGGMBKWG4EMSZL5UHATDCLPCQW/
https://lists.schedmd.com/pipermail/slurm-announce/
https://www.debian.org/security/2022/dsa-5166
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=260
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6B7OWVNVCJUDE6VDWGCBUWMRCRETAO3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YBI4NFDGGMBKWG4EMSZL5UHATDCLPCQW/
https://lists.schedmd.com/pipermail/slurm-announce/
https://www.debian.org/security/2022/dsa-5166
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=260