CVE-2022-29501

EUVD-2022-33838
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
schedmdslurm
𝑥
< 20.11.9
schedmdslurm
21.08.0 ≤
𝑥
< 21.08.08
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
slurm-wlm
bookworm
22.05.8-4+deb12u2
fixed
bookworm (security)
22.05.8-4+deb12u2
fixed
bullseye
20.11.7+really20.11.4-2+deb11u1
fixed
bullseye (security)
20.11.7+really20.11.4-2+deb11u1
fixed
buster
no-dsa
sid
24.05.2-1
fixed
trixie
24.05.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
slurm-llnl
bionic
needed
focal
Fixed 19.05.5-1ubuntu0.1~esm2
released
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
needed
xenial
needed
slurm-wlm
bionic
dne
focal
dne
impish
ignored
jammy
Fixed 21.08.5-2ubuntu1+esm1
released
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6B7OWVNVCJUDE6VDWGCBUWMRCRETAO3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YBI4NFDGGMBKWG4EMSZL5UHATDCLPCQW/
https://lists.schedmd.com/pipermail/slurm-announce/
https://www.debian.org/security/2022/dsa-5166
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=260
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6B7OWVNVCJUDE6VDWGCBUWMRCRETAO3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YBI4NFDGGMBKWG4EMSZL5UHATDCLPCQW/
https://lists.schedmd.com/pipermail/slurm-announce/
https://www.debian.org/security/2022/dsa-5166
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=260