SchedMD Slurm privilege escalation | CVE-2022-29501

May 10, 2022

NAME

SchedMD Slurm privilege escalation

  • Platforms Affected:
    SchedMD Slurm 20.11.6
    SchedMD Slurm 20.02.6
  • Risk Level:
    9.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Privileges

DESCRIPTION

SchedMD Slurm could allow a remote attacker to gain elevated privileges on the system, caused by improper access control in a network RPC handler in the slurmd daemon used for PMI2 and PMIx support. An attacker could exploit this vulnerability to send data to an arbitrary unix socket on the host with root privileges.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to the SchedMD Web site for patch, upgrade or suggested workaround information. See References.

  • Reference Link:
    https://www.schedmd.com/news.php?id=260
  • Reference Link:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29501

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[LYNX] – Ransomware Victim: Grupo_Trisan

November 16, 2024
brute ratel c4

Brute Ratel C4 Detected – 52[.]193[.]97[.]60:80

November 16, 2024
CISA Logo

CISA: CISA Releases One Industrial Control Systems Advisory

November 16, 2024
CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 16, 2024
CISA Logo

CISA: Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

November 16, 2024