CVE-2020-27746
Description
Slurm before 19.05.8 and 20.x before 20.02.6 exposes X11 magic cookies via /proc race condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Slurm before 19.05.8 and 20.x before 20.02.6 exposes X11 magic cookies via /proc race condition.
Vulnerability
A race condition exists in the read operation on the /proc filesystem for X11 authentication (xauth) magic cookies in Slurm versions before 19.05.8 and 20.x before 20.02.6 [1]. This race allows an unauthorized actor to access sensitive information (the X11 magic cookies) when the race window is successfully exploited.
Exploitation
An attacker must have local access to the system and the ability to time reads of /proc entries during the window when Slurm processes X11 forwarding. The race condition requires precise timing to read the cookie data before it is properly protected or cleared.
Impact
Successful exploitation leads to the disclosure of X11 magic cookies, which can allow an attacker to intercept or hijack X11 sessions. This constitutes a loss of confidentiality and can enable further unauthorized access to the user's X11 session.
Mitigation
Upgrade to Slurm 19.05.8, 20.02.6, or later releases where the race condition is fixed [1]. No workaround is documented in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19- Slurm/Slurmdescription
- osv-coords17 versionspkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/slurm&distro=openSUSE%20Tumbleweedpkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/pdsh_slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/pdsh_slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/pdsh_slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP2
< 18.08.9-lp151.2.14.1+ 16 more
- (no CPE)range: < 18.08.9-lp151.2.14.1
- (no CPE)range: < 20.02.6-lp152.2.3.1
- (no CPE)range: < 21.08.1-1.1
- (no CPE)range: < 2.34-7.32.1
- (no CPE)range: < 2.34-7.32.1
- (no CPE)range: < 2.34-7.32.1
- (no CPE)range: < 2.34-7.32.1
- (no CPE)range: < 18.08.9-1.11.1
- (no CPE)range: < 18.08.9-1.11.1
- (no CPE)range: < 18.08.9-3.11.1
- (no CPE)range: < 20.02.6-3.8.1
- (no CPE)range: < 20.02.6-3.16.1
- (no CPE)range: < 20.11.4-3.5.1
- (no CPE)range: < 17.11.13-6.34.1
- (no CPE)range: < 17.11.13-6.34.1
- (no CPE)range: < 18.08.9-3.16.4
- (no CPE)range: < 20.02.6-3.3.4
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Race condition in the read operation on the /proc filesystem used by xauth for X11 magic cookies allows an unauthorized actor to obtain sensitive information."
Attack vector
An unauthorized local user can exploit a TOCTOU (time-of-check, time-of-use) race condition in the read of `/proc` filesystem entries used by `xauth` for X11 magic cookies. By racing the read operation, the attacker can obtain the X11 magic cookie of another user's job, which can then be used to connect to that user's X11 display and capture keystrokes, screen contents, or inject input. The attack requires the attacker to have a local account on the cluster node and the ability to time the race window.
Affected code
The advisory states that Slurm before 19.05.8 and 20.x before 20.02.6 exposes sensitive information because `xauth` for X11 magic cookies is affected by a race condition in a read operation on the `/proc` filesystem. The patch notes in [ref_id=1] mention a "rare potential race condition in x11 forwarding that could result in a double free" and a "potential glibc deadlock when tearing down the extern step when x11 forwarding is enabled," confirming the affected code path involves X11 forwarding and the handling of xauth cookies.
What the fix does
The advisory does not provide a specific patch diff, but the release notes in [ref_id=1] indicate that the fix addresses the race condition in the read operation on `/proc` used by `xauth` for X11 magic cookies. The fix likely serializes or locks the `/proc` read to prevent a concurrent attacker from intercepting the cookie during the time-of-check-to-time-of-use window. Later versions also fix a related double-free and a glibc deadlock in the X11 forwarding path, further hardening the cookie handling.
Preconditions
- authAttacker must have a local user account on the Slurm cluster node where the victim's job is running.
- configThe victim's job must be using X11 forwarding (i.e., requested `--x11` or equivalent).
- inputThe attacker must be able to execute code on the same node and time the race window against the `/proc` read by `xauth`.
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- www.debian.org/security/2021/dsa-4841mitrevendor-advisoryx_refsource_DEBIAN
- www.schedmd.com/news.phpmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.