[slurm-announce] Slurm versions 23.02.6 and 22.05.10 are now available (CVE-2023-41914)
Tim Wickberg
tim at schedmd.com
Wed Oct 11 20:01:49 UTC 2023
Slurm versions 23.02.6 and 22.05.10 are now available to address a
number of filesystem race conditions that could let an attacker take
control of an arbitrary file, or remove entire directories' contents
(CVE-2023-41914).
SchedMD customers were informed on September 27th and provided a patch
on request; this process is documented in our security policy [1].
--------
CVE-2023-41914:
A number of race conditions have been identified within the
slurmd/slurmstepd processes that can lead to the user taking ownership
of an arbitrary file on the system. A related issue can lead to the user
overwriting an arbitrary file on the compute node (although with data
that is not directly under their control). A related issue can also lead
to the user deleting all files and sub-directories of an arbitrary
target directory on the compute node.
Thank you to François Diakhate (CEA) for reporting the original issue to
us. A number of related issues were found during an extensive audit of
Slurm's filesystem handling code in reaction to that report, and are
included here in this same disclosure.
--------
SchedMD only issues security fixes for the supported releases (currently
23.02 and 22.05). Due to the complexity of these fixes, we do not
recommend attempting to backport the fixes to older releases, and
strongly encourage sites to upgrade to fixed versions immediately.
Downloads are available at https://www.schedmd.com/downloads.php .
Release notes follow below.
- Tim
[1] https://www.schedmd.com/security.php
--
Tim Wickberg
Chief Technology Officer, SchedMD LLC
Commercial Slurm Development and Support
> * Changes in Slurm 23.02.6
> ==========================
> -- Fix CpusPerTres= not updatable with scontrol update
> -- Fix unintentional gres removal when validating the gres job state.
> -- Fix --without-hpe-slingshot configure option.
> -- Fix cgroup v2 memory calculations when transparent huge pages are used.
> -- Fix parsing of sgather --timeout option.
> -- Fix regression from 22.05.0 that caused srun --cpu-bind "=verbose" and "=v"
> options to give different CPU bind masks.
> -- Fix "_find_node_record: lookup failure for node" error message appearing
> for all dynamic nodes during reconfigure.
> -- Avoid segfault if loading serializer plugin fails.
> -- slurmrestd - Correct OpenAPI format for 'GET /slurm/v0.0.39/licenses'.
> -- slurmrestd - Correct OpenAPI format for 'GET /slurm/v0.0.39/job/{job_id}'.
> -- slurmrestd - Change format to multiple fields in 'GET
> /slurmdb/v0.0.39/assocations' and 'GET /slurmdb/v0.0.39/qos' to handle
> infinite and unset states.
> -- When a node fails in a job with --no-kill, preserve the extern step on the
> remaining nodes to avoid breaking features that rely on the extern step
> such as pam_slurm_adopt, x11, and job_container/tmpfs.
> -- auth/jwt - Ignore 'x5c' field in JWKS files.
> -- auth/jwt - Treat 'alg' field as optional in JWKS files.
> -- Allow job_desc.selinux_context to be read from the job_submit.lua script.
> -- Skip check in slurmstepd that causes a large number of errors in the munge
> log: "Unauthorized credential for client UID=0 GID=0". This error will
> still appear on slurmd/slurmctld/slurmdbd start up and is not a cause for
> concern.
> -- slurmctld - Allow startup with zero partitions.
> -- Fix some mig profile names in slurm not matching nvidia mig profiles.
> -- Prevent slurmscriptd processing delays from blocking other threads in
> slurmctld while trying to launch {Prolog|Epilog}Slurmctld.
> -- Fix sacct printing ReqMem field when memory doesn't exist in requested TRES.
> -- Fix how heterogeneous steps in an allocation with CR_PACK_NODE or -mpack are
> created.
> -- Fix slurmctld crash from race condition within job_submit_throttle plugin.
> -- Fix --with-systemdsystemunitdir when requesting a default location.
> -- Fix not being able to cancel an array task by the jobid (i.e. not
> <jobid>_<taskid>) through scancel, job launch failure or prolog failure.
> -- Fix cancelling the whole array job when the array task is the meta job and
> it fails job or prolog launch and is not requeueable. Cancel only the
> specific task instead.
> -- Fix regression in 21.08.2 where MailProg did not run for mail-type=end for
> jobs with non-zero exit codes.
> -- Fix incorrect setting of memory.swap.max in cgroup/v2.
> -- Fix jobacctgather/cgroup collection of disk/io, gpumem, gpuutil TRES values.
> -- Fix -d singleton for heterogeneous jobs.
> -- Downgrade info logs about a job meeting a "maximum node limit" in the
> select plugin to DebugFlags=SelectType. These info logs could spam the
> slurmctld log file under certain circumstances.
> -- prep/script - Fix [Srun|Task]<Prolog|Epilog> missing SLURM_JOB_NODELIST.
> -- gres - Rebuild GRES core bitmap for nodes at startup. This fixes error:
> "Core bitmaps size mismatch on node [HOSTNAME]", which causes jobs to enter
> state "Requested node configuration is not available".
> -- slurmctld - Allow startup with zero nodes.
> -- Fix filesystem handling race conditions that could lead to an attacker
> taking control of an arbitrary file, or removing entire directories'
> contents. CVE-2023-41914.
> * Changes in Slurm 22.05.10
> ===========================
> -- Fix filesystem handling race conditions that could lead to an attacker
> taking control of an arbitrary file, or removing entire directories'
> contents. CVE-2023-41914.
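Added example, not part of the original announcement or of Slurm itself: a POSIX shell helper that classifies a node's Slurm version against the fixed releases named above (23.02.6 and 22.05.10). The function names, the result labels and the sample version strings are constructed for illustration; the input is assumed to look like the output of `slurmd -V` (for example "slurm 23.02.5") or a package version.

```sh
#!/bin/sh
# Added example: classify a Slurm version against the CVE-2023-41914 fixes.
# Result labels (fixed/vulnerable/unsupported/not-covered/unparsed) are
# hypothetical names chosen for this example.

# Strip leading zeros so "05" and "08" are treated as decimal, not octal.
_sv_to_int() {
    _sv_n=$1
    while [ "${_sv_n#0}" != "$_sv_n" ] && [ "${#_sv_n}" -gt 1 ]; do
        _sv_n=${_sv_n#0}
    done
    printf '%s\n' "$_sv_n"
}

# Usage on a compute node: classify_slurm_version "$(slurmd -V)"
classify_slurm_version() {
    _sv_ver=${1#slurm }        # drop the "slurm " prefix
    _sv_ver=${_sv_ver%%-*}     # drop a packaging suffix such as "-1.el8"
    case $_sv_ver in
        ''|*[!0-9.]*) echo unparsed; return 0 ;;
    esac
    _sv_ifs=$IFS; IFS=.
    set -- $_sv_ver            # split into major, minor, micro
    IFS=$_sv_ifs
    [ $# -eq 3 ] || { echo unparsed; return 0; }
    for _sv_p in "$@"; do
        [ -n "$_sv_p" ] || { echo unparsed; return 0; }
    done
    _sv_branch=$(( $(_sv_to_int "$1") * 100 + $(_sv_to_int "$2") ))
    _sv_micro=$(_sv_to_int "$3")
    case $_sv_branch in
        2302) _sv_fixed=6 ;;   # fixed in 23.02.6
        2205) _sv_fixed=10 ;;  # fixed in 22.05.10
        *)  # older branches get no fix; newer ones are outside this notice
            if [ "$_sv_branch" -lt 2205 ]; then echo unsupported
            else echo not-covered; fi
            return 0 ;;
    esac
    if [ "$_sv_micro" -ge "$_sv_fixed" ]; then echo fixed
    else echo vulnerable; fi
}

# Constructed sample inputs, so the script runs without Slurm installed.
for _sv_s in "slurm 23.02.5" "slurm 23.02.6" "22.05.9-1.el8" "slurm 21.08.8"; do
    printf '%s -> %s\n' "$_sv_s" "$(classify_slurm_version "$_sv_s")"
done
```

A result of `unsupported` means the release is older than 22.05, for which the announcement says no fix is issued; `not-covered` means the branch is not one this announcement names.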