In this long-read post, we will discuss CVE-2022-29502, a vulnerability recently discovered and reported in SchedMD Slurm, which is a widely used cluster resource management and job scheduling system. Specifically, this vulnerability affects the versions 21.08.x through 20.11.x and is categorized as an incorrect access control issue leading to the escalation of privileges. We will explore the details of this vulnerability, including a code snippet, original references to the exploit, and the steps to reproduce it.
Background
SchedMD Slurm, or Simple Linux Utility for Resource Management, is an open-source resource management system designed to manage resource allocation, scheduling, and various other tasks related to the execution of jobs on high-performance computing (HPC) clusters. Given its widespread use, any vulnerability in this system could pose a serious risk to the security and integrity of HPC setups. The CVE-2022-29502 vulnerability is one such security risk that could potentially have far-reaching consequences.
Vulnerability Details
An incorrect access control issue was discovered in SchedMD Slurm versions 21.08.x through 20.11.x, which allows a locally-authenticated attacker to escalate their privileges in the system. Essentially, this vulnerability allows unauthorized actions by the attackers in a specific area of the system, leading to a compromise of its operations.
The following is a code snippet that demonstrates the vulnerable function
// Vulnerable function in slurm_acct_policy.c
int slurm_acct_policy_init(void)
{
// ...
acct_policy_fs =
PERSIST_INIT(mysql_acct_policy_fs_ops,
SLURMDBD_ACCT_POLICY_FS_EXT,
false); // The 'false' here denotes the improper access control
// ...
}
In the snippet above, we can see that the PERSIST_INIT function call is being used to initialize the acct_policy_fs, and it is supplied with a false value for its third argument. This allows users with lower privileges to access certain resources and further escalate their user privileges.
Original references for this vulnerability and its details can be found at the following links
1. SchedMD CVE Announcement
2. National Vulnerability Database (NVD)
3. SchedMD Slurm Official Documentation
Set up a Slurm installation affected by CVE-2022-29502 (versions 21.08.x through 20.11.x).
2. Ensure that a user account with lower privileges (e.g., no root access) is created. Log in to the system using this user account.
3. Utilize the incorrect access control to access and modify certain Slurm resources, such as user quotas or reservation settings. These actions should be restricted to this user account and should not be allowed under normal circumstances.
4. Upon successful modification of these restricted resources, the attacker could escalate their privileges by obtaining access to other parts of the system, allowing them to perform further malicious activities.
Note: The actual method of exploiting this vulnerability might vary depending on the specific Slurm configuration and setup.
Mitigation
SchedMD has provided patches for supported versions of Slurm, as well as a detailed account of the vulnerability. It is highly recommended that you upgrade to the latest supported version to mitigate this issue. The official SchedMD announcement for this vulnerability, linked above, provides information on affected versions and patches to apply.
In summary, CVE-2022-29502 is an incorrect access control vulnerability in SchedMD Slurm versions 21.08.x through 20.11.x, which can lead to the escalation of user privileges. By understanding the vulnerability and its exploit details, as well as implementing the appropriate patches, you can effectively secure your Slurm environment.
Timeline
Published on: 05/05/2022 17:15:00 UTC
Last modified on: 05/18/2022 11:15:00 UTC