VYPR
Unrated severity · NVD Advisory · Published May 5, 2022 · Updated Aug 3, 2024

CVE-2022-29502

Description

SchedMD Slurm versions 20.11.x through 21.08.x contain an incorrect access control vulnerability that allows privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

SchedMD Slurm versions 20.11.x through 21.08.x suffer from an incorrect access control vulnerability that can lead to privilege escalation. The exact mechanism is not detailed in the available references [1][2].

Exploitation

No specific exploitation steps are disclosed in the provided references. The vulnerability may be exploitable by an unauthenticated or low-privileged user to gain elevated privileges.

Impact

Successful exploitation allows an attacker to escalate privileges within the Slurm environment, potentially gaining full control over the job scheduler and cluster resources.

Mitigation

The vulnerability is patched in later Slurm releases; users should upgrade to a fixed version. The exact fixed version is not specified in the references, but the vendor's current release notes [1][2] indicate ongoing development. Check the vendor's security advisories for updates.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

38

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing access control checks in Slurm's RPC handling allow privilege escalation."

Attack vector

An attacker with low-privileged access to a Slurm cluster can exploit missing access control checks to escalate privileges. The advisory describes the issue as "Incorrect Access Control that leads to Escalation of Privileges" [ref_id=1]. The exact attack vector is not detailed in the bundle, but the vulnerability class implies the attacker can send crafted RPCs or commands that the controller fails to properly authorize, allowing the attacker to perform actions reserved for higher-privileged users.

Affected code

The advisory does not specify exact functions or file paths. The vulnerability is described as "Incorrect Access Control" in SchedMD Slurm versions 20.11.x through 21.08.x [ref_id=1]. No patch or code diff is provided in the bundle.

What the fix does

The bundle does not contain a patch or specific remediation steps. The advisory only states that versions 20.11.x through 21.08.x are affected by the incorrect access control issue [ref_id=1]. No fix commit, workaround, or upgrade guidance is provided in the supplied reference material.

Preconditions

  • auth: Attacker must have a valid low-privileged account on the Slurm cluster.
  • config: The Slurm controller must be running a vulnerable version (20.11.x through 21.08.x).

Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6
