{"id":"USN-8236-1","summary":"slurm-wlm vulnerabilities","details":"It was discovered that Slurm did not correctly handle certain file system\noperations. An attacker could possibly use this issue to modify files or\nleak sensitive information. This issue only affected Ubuntu 22.04 LTS.\n(CVE-2023-41914)\n\nRyan Hall discovered that Slurm did not correctly enforce certain message\nintegrity checks. An attacker could possibly use this issue to bypass\nintegrity checks. This issue only affected Ubuntu 22.04 LTS.\n(CVE-2023-49933)\n\nRyan Hall discovered that Slurm did not correctly handle certain memory\noperations. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2023-49937)\n\nRyan Hall discovered that Slurm did not correctly handle certain access\ncontrol mechanisms. An attacker could possibly use this issue to modify\nfiles or leak sensitive information. This issue only affected Ubuntu 22.04\nLTS. (CVE-2023-49938)\n\nIt was discovered that Slurm did not correctly handle user promotion. An\nattacker could possibly use this issue to promote themselves to an\nadministrator. (CVE-2025-43904)","modified":"2026-05-08T12:48:23.724324061Z","published":"2026-05-06T05:43:00Z","related":["UBUNTU-CVE-2023-41914","UBUNTU-CVE-2023-49933","UBUNTU-CVE-2023-49937","UBUNTU-CVE-2023-49938","UBUNTU-CVE-2025-43904"],"upstream":["CVE-2023-41914","CVE-2023-49933","CVE-2023-49937","CVE-2023-49938","CVE-2025-43904","UBUNTU-CVE-2023-41914","UBUNTU-CVE-2023-49933","UBUNTU-CVE-2023-49937","UBUNTU-CVE-2023-49938","UBUNTU-CVE-2025-43904"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8236-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-41914"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49933"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49937"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49938"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-43904"}],"affected":[{"package":{"name":"slurm-wlm","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/slurm-wlm@21.08.5-2ubuntu1+esm2?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.08.5-2ubuntu1+esm2"}]}],"versions":["20.11.7+really20.11.4-2","21.08.5-1","21.08.5-1.1","21.08.5-2","21.08.5-2ubuntu1","21.08.5-2ubuntu1+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"libpam-slurm"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"libpam-slurm-adopt"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"libpmi0"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"libpmi2-0"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"libslurm-perl"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"libslurm37"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"libslurmdb-perl"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurm-client"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurm-client-emulator"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurm-wlm"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurm-wlm-basic-plugins"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurm-wlm-emulator"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurm-wlm-torque"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurmctld"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurmd"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurmdbd"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"slurmrestd"},{"binary_version":"21.08.5-2ubuntu1+esm2","binary_name":"sview"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8236-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"id":"CVE-2023-41914","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-49933","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-49937","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-49938","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-43904","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"slurm-wlm","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/slurm-wlm@23.11.4-1.2ubuntu5+esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.11.4-1.2ubuntu5+esm1"}]}],"versions":["23.02.3-2ubuntu1","23.02.6-1ubuntu2","23.02.6-1ubuntu3","23.11.3-1ubuntu1","23.11.3-2ubuntu1","23.11.3-2ubuntu2","23.11.4-1.2ubuntu4","23.11.4-1.2ubuntu5"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"libpam-slurm"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"libpam-slurm-adopt"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"libpmi0t64"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"libpmi2-0t64"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"libslurm-perl"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"libslurm40t64"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"libslurmdb-perl"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"sackd"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-client"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-client-emulator"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-basic-plugins"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-elasticsearch-plugin"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-emulator"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-hdf5-plugin"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-influxdb-plugin"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-ipmi-plugins"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-jwt-plugin"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-kafka-plugin"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-mysql-plugin"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-plugins"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-rrd-plugin"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-rsmi-plugin"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurm-wlm-torque"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurmctld"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurmd"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurmdbd"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"slurmrestd"},{"binary_version":"23.11.4-1.2ubuntu5+esm1","binary_name":"sview"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8236-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[{"id":"CVE-2025-43904","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.5"}