SchedMD Slurm privilege escalation | CVE-2022-29501

NAME

SchedMD Slurm privilege escalation


  • Platforms Affected:
    SchedMD Slurm 20.11.6
    SchedMD Slurm 20.02.6
  • Risk Level:
    9.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Privileges

DESCRIPTION

SchedMD Slurm could allow a remote attacker to gain elevated privileges on the system because of improper access control in a network RPC handler in the slurmd daemon that is used for PMI2 and PMIx support. An attacker could exploit this vulnerability to send data, with root privileges, to an arbitrary Unix socket on the host.


CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to the SchedMD Web site for patch, upgrade or suggested workaround information. See References.

