Home / mailingsPDF  

[USN-8236-1] Slurm vulnerabilities

Posted on 07 May 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8236-1
May 06, 2026

slurm-wlm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Slurm.

Software Description:
- slurm-wlm: Simple Linux Utility for Resource Management

Details:

It was discovered that Slurm did not correctly handle certain file system
operations. An attacker could possibly use this issue to modify files or
leak sensitive information. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-41914)

Ryan Hall discovered that Slurm did not correctly enforce certain message
integrity checks. An attacker could possibly use this issue to bypass
integrity checks. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-49933)

Ryan Hall discovered that Slurm did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-49937)

Ryan Hall discovered that Slurm did not correctly handle certain access
control mechanisms. An attacker could possibly use this issue to modify
files or leak sensitive information. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-49938)

It was discovered that Slurm did not correctly handle user promotion. An
attacker could possibly use this issue to promote themselves to an
administrator. (CVE-2025-43904)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libpam-slurm 23.11.4-1.2ubuntu5+esm1
Available with Ubuntu Pro
libpam-slurm-dev 23.11.4-1.2ubuntu5+esm1
Available with Ubuntu Pro
libslurm-dev 23.11.4-1.2ubuntu5+esm1
Available with Ubuntu Pro
slurm-wlm 23.11.4-1.2ubuntu5+esm1
Available with Ubuntu Pro
slurmctld 23.11.4-1.2ubuntu5+esm1
Available with Ubuntu Pro
slurmd 23.11.4-1.2ubuntu5+esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libpam-slurm 21.08.5-2ubuntu1+esm2
Available with Ubuntu Pro
libslurm-dev 21.08.5-2ubuntu1+esm2
Available with Ubuntu Pro
slurm-wlm 21.08.5-2ubuntu1+esm2
Available with Ubuntu Pro
slurmctld 21.08.5-2ubuntu1+esm2
Available with Ubuntu Pro
slurmd 21.08.5-2ubuntu1+esm2
Available with Ubuntu Pro

After a standard system update you need to restart Slurm to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-8236-1
CVE-2023-41914, CVE-2023-49933, CVE-2023-49937, CVE-2023-49938,
CVE-2025-43904

--===============4854013995435822978==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :