CVE-2019-19728
Description
A race condition in Slurm's srun --uid can cause tasks to run as root instead of the specified user, allowing privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
SchedMD Slurm versions before 18.08.9 and 19.x before 19.05.5 contain a race condition in the srun --uid command. The --uid option is intended to run a task as a specific user, but due to a race condition between successive lookup calls within the srun client, the process may not drop privileges correctly and instead run tasks as root [1].
Exploitation
An attacker must be root to use the srun --uid option. By exploiting the race window between user lookup calls, the attacker can cause srun to launch tasks with root privileges despite the --uid specification [1].
Impact
Successful exploitation allows an attacker to execute tasks as root instead of the intended user, leading to privilege escalation within the Slurm cluster. The attacker can gain full control over jobs and potentially the underlying system [1].
Mitigation
The issue is fixed in Slurm versions 18.08.9 and 19.05.5 [1]. Distributions such as SUSE and openSUSE have released patches (e.g., SUSE-SU-2020:0110-1 and openSUSE-SU-2020:0085-1) [1]. SchedMD recommends avoiding the use of srun --uid as it does not load the target user's environment and may be removed in a future release [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- SchedMD/Slurm (description)
osv-coords (14 versions):
- pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 18.08.9-lp151.2.6.1
- pkg:rpm/opensuse/slurm&distro=openSUSE%20Tumbleweed (no CPE), range: < 21.08.1-1.1
- pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 2.33-7.18.1
- pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015 (no CPE), range: < 2.33-7.6.1
- pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1 (no CPE), range: < 2.33-7.6.1
- pkg:rpm/suse/pdsh_slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 2.34-7.26.2
- pkg:rpm/suse/pdsh_slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 2.34-7.26.2
- pkg:rpm/suse/pdsh_slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 2.34-7.32.1
- pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 18.08.9-3.5.1
- pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015 (no CPE), range: < 18.08.9-1.5.2
- pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 20.02.3-3.5.1
- pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 20.11.4-3.5.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 17.02.11-6.39.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1 (no CPE), range: < 18.08.9-3.10.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"A race condition in the srun client allows tasks to be launched as root instead of the intended user."
Attack vector
The vulnerability is triggered when the root user executes `srun --uid`. A race condition between successive lookup calls in the client can cause `srun` to fail to drop into the correct user account; it prints a warning message but proceeds to launch the tasks as the root user [ref_id=1]. This option is only available to the root user and does not load the target user's environment, instead exporting the root user's environment [ref_id=1].
Affected code
The vulnerability lies within the `srun` client command, specifically related to the handling of the `--uid` option. The issue arises due to a race condition between successive lookup calls within this client command [ref_id=1].
What the fix does
The advisory indicates that SchedMD does not recommend the use of the `srun --uid` option and may remove it in a future release [ref_id=1]. Updates were released for SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 and SUSE Linux Enterprise Module for HPC 15-SP1, including a fix for this vulnerability [ref_id=1].
Preconditions
- auth: The `srun --uid` option is only available to the root user.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html (mitre, vendor-advisory, x_refsource_SUSE)
- www.debian.org/security/2021/dsa-4841 (mitre, vendor-advisory, x_refsource_DEBIAN)
- bugzilla.suse.com/show_bug.cgi (mitre, x_refsource_MISC)
- lists.schedmd.com/pipermail/slurm-announce/ (mitre, x_refsource_MISC)
- www.schedmd.com/news.php (mitre, x_refsource_CONFIRM)