CVE-2020-27745
Description
Slurm versions before 19.05.8 and 20.x before 20.02.6 contain a buffer overflow in the PMIx MPI plugin via RPC, potentially leading to remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Slurm before 19.05.8 and 20.x before 20.02.6 have a buffer overflow vulnerability in the PMIx MPI plugin. The vulnerability is triggered via RPC requests. [1]
Exploitation
An attacker can exploit this by sending a specially crafted RPC request to the PMIx plugin. No authentication is required if the attacker can reach the Slurm control daemon. [1]
Impact
Successful exploitation could allow an attacker to cause a buffer overflow, potentially leading to remote code execution with the privileges of the Slurm daemon. [1]
Mitigation
Upgrade to Slurm 19.05.8 or 20.02.6 or later. As of the available references, no workaround is provided. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Slurm (description)
OSV coordinates (18 package ranges, no CPE):
- pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.1 — range: < 18.08.9-lp151.2.14.1
- pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.2 — range: < 20.02.6-lp152.2.3.1
- pkg:rpm/opensuse/slurm&distro=openSUSE%20Tumbleweed — range: < 21.08.1-1.1
- pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 — range: < 2.34-7.32.1
- pkg:rpm/suse/pdsh_slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 — range: < 2.34-7.32.1
- pkg:rpm/suse/pdsh_slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 — range: < 2.34-7.32.1
- pkg:rpm/suse/pdsh_slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 — range: < 2.34-7.32.1
- pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS — range: < 18.08.9-1.11.1
- pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS — range: < 18.08.9-1.11.1
- pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 — range: < 18.08.9-3.11.1
- pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 — range: < 20.02.6-3.8.1
- pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1 — range: < 20.02.6-3.16.1
- pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 — range: < 20.11.4-3.5.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS — range: < 17.11.13-6.34.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS — range: < 17.11.13-6.34.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 — range: < 17.02.11-6.47.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1 — range: < 18.08.9-3.16.4
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP2 — range: < 20.02.6-3.3.4
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing bounds checking in the PMIx MPI plugin's RPC handler allows a crafted message to overflow a fixed-size buffer."
Attack vector
An attacker can send a specially crafted RPC message to the PMIx MPI plugin, triggering a buffer overflow [1]. The advisory does not detail the exact preconditions or payload shape, but the attack is network-based and targets the RPC handling path in the PMIx plugin. Successful exploitation could allow the attacker to corrupt memory and potentially achieve code execution or cause a denial of service.
Affected code
The vulnerability resides in the PMIx MPI plugin within Slurm, which handles RPC communication for MPI job steps. The advisory does not specify exact function or file names, but the bug is described as an "RPC Buffer Overflow" in this plugin [1].
What the fix does
The fix is included in Slurm versions 19.05.8 and 20.02.6 [1]. The advisory does not provide a patch diff or describe the specific code changes, but the remediation addresses the buffer overflow by correcting the RPC message handling in the PMIx MPI plugin to properly validate or limit input sizes before copying into fixed-size buffers.
Preconditions
- Network: the attacker must be able to send network RPC messages to a Slurm node running the PMIx MPI plugin.
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- [1] www.debian.org/security/2021/dsa-4841 (MITRE; vendor advisory; x_refsource_DEBIAN)
- [2] lists.debian.org/debian-lts-announce/2022/01/msg00011.html (MITRE; mailing list; x_refsource_MLIST)
- [3] www.schedmd.com/news.php (MITRE; x_refsource_MISC)
News mentions
No linked articles in our index yet.