VYPR
← All advisories
Unrated severityNVD Advisory· Published May 5, 2022· Updated Aug 3, 2024

CVE-2022-29501

CVE-2022-29501

Description

SchedMD Slurm versions 20.11.x through 21.08.x contain an incorrect access control vulnerability leading to privilege escalation and arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SchedMD Slurm versions 20.11.x through 21.08.x contain an incorrect access control vulnerability leading to privilege escalation and arbitrary code execution.

Vulnerability

In SchedMD Slurm versions 20.11.x through 21.08.x, an incorrect access control vulnerability exists [1][2]. The exact component is not publicly detailed, but the CVE description confirms it leads to privilege escalation and code execution.

Exploitation

An attacker with low privileges can exploit this vulnerability. The specific attack vector is not disclosed in available references. According to the CVE description, exploitation results in privilege escalation.

Impact

Successful exploitation allows an attacker to escalate privileges and execute arbitrary code on the Slurm cluster, compromising confidentiality, integrity, and availability.

Mitigation

No specific fix is available in the referenced sources. Users should monitor SchedMD's security advisories for updates. As of the publication date, no patch has been released.

References
  1. Releases · SchedMD/slurm
  2. Releases · SchedMD/slurm

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

65

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Incorrect access control in SchedMD Slurm allows unauthorized privilege escalation."

Attack vector

An attacker with low-privileged access to a Slurm cluster can exploit incorrect access control checks to perform actions normally restricted to administrators [ref_id=1]. The advisory does not detail the exact network path or payload shape, but the impact is described as escalation of privileges and code execution [ref_id=1]. The vulnerability affects Slurm versions 21.08.x through 20.11.x.

Affected code

The advisory does not specify exact functions or files. The vulnerability is described as "Incorrect Access Control" in SchedMD Slurm versions 21.08.x through 20.11.x, leading to escalation of privileges and code execution [ref_id=1]. No patch diff or specific code paths are identified in the supplied bundle.

What the fix does

The advisory does not include a specific patch diff. The vendor (SchedMD) has addressed this vulnerability in subsequent releases, as indicated by the release notes for versions 25.11.6, 25.05.8, and 26.05.0rc1 [ref_id=1]. Users should upgrade to a patched version of Slurm to remediate the incorrect access control flaw.

Preconditions

  • authAttacker must have a low-privileged account on the Slurm cluster
  • configAffected Slurm version between 20.11.x and 21.08.x

Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7

News mentions

0

No linked articles in our index yet.