Unrated severityNVD Advisory· Published Sep 7, 2022· Updated Sep 17, 2024

slurm: %post for slurm-testsuite operates as root in user owned directory

CVE-2022-31251

Description

Local privilege escalation in openSUSE Factory slurm testsuite packaging allows slurm user to gain root via race condition during package update.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local privilege escalation in openSUSE Factory slurm testsuite packaging allows slurm user to gain root via race condition during package update.

Vulnerability

A incorrect default permissions vulnerability exists in the packaging of the slurm testsuite for openSUSE Factory. The directory /srv/slurm-testsuite is owned by the slurm user, but the %post scriptlet in the RPM package runs as root and performs a tar extraction from a file (slurmtest.tar.bz2) located in that same directory. This allows a local attacker with control over the slurm user to escalate privileges to root. Affected versions are openSUSE Factory slurm prior to 22.05.2-3.3 [1].

Exploitation

An attacker must have local access as the slurm user. During a package update (or initial installation), the %post scriptlet copies slurmtest.tar.bz2 into /srv/slurm-testsuite and then extracts it with tar --same-owner -C /srv/slurm-testsuite -xjf. Because the directory is writable by slurm, the attacker can use a race condition: after the file is written but before tar reads it, the attacker can delete the legitimate archive and replace it with a malicious one. The proof-of-concept in [1] uses inotifywait to detect the file close event, then replaces the archive with a crafted tarball containing many directories (e.g., 10,000) to increase the race window. The tar extraction then runs as root, creating files and directories owned by root under the attacker's control.

Impact

Successful exploitation allows the slurm user to create arbitrary files and directories on the system with root ownership. This can be leveraged to achieve full root compromise, for example by overwriting system binaries or configuration files. The impact is a complete loss of confidentiality, integrity, and availability.

Mitigation

The vulnerability is fixed in slurm version 22.05.2-3.3 for openSUSE Factory. Users should update to this version or later. No workaround is documented. The CVE is not listed in the CISA Known Exploited Vulnerabilities catalog.

References

%post for slurm-testsuite operates as root in user owned directory

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Llnl/Slurmllm-fuzzy
Range: <22.05.2-3.3
osv-coords55 versions
pkg:rpm/opensuse/pdsh&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/pdsh&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/pdsh_slurm_20_02&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/pdsh_slurm_20_02&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/pdsh_slurm_20_11&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/pdsh_slurm_20_11&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/pdsh_slurm_22_05&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/pdsh_slurm_22_05&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/slurm_18_08&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/slurm_18_08&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/slurm_20_02&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/slurm_20_02&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/slurm_22_05&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/slurm_22_05&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3 pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP4 pkg:rpm/suse/pdsh_slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/pdsh_slurm_20_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/pdsh_slurm_20_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/pdsh_slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/pdsh_slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/pdsh_slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/pdsh_slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/pdsh_slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/pdsh_slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/pdsh_slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/pdsh_slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3 pkg:rpm/suse/pdsh_slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP4 pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3 pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP4 pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012
< 2.34-150300.35.2+ 54 more
- (no CPE)range: < 2.34-150300.35.2
- (no CPE)range: < 2.34-150300.35.2
- (no CPE)range: < 2.34-150100.10.14.1
- (no CPE)range: < 2.34-150100.10.14.1
- (no CPE)range: < 2.34-150200.4.6.2
- (no CPE)range: < 2.34-150200.4.6.2
- (no CPE)range: < 2.34-150300.35.2
- (no CPE)range: < 2.34-150300.35.2
- (no CPE)range: < 18.08.9-150000.1.17.1
- (no CPE)range: < 18.08.9-150000.1.17.1
- (no CPE)range: < 20.02.7-150100.3.24.1
- (no CPE)range: < 20.02.7-150100.3.24.1
- (no CPE)range: < 22.05.5-150300.7.3.2
- (no CPE)range: < 22.05.5-150300.7.3.2
- (no CPE)range: < 18.08.9-150100.3.22.1
- (no CPE)range: < 18.08.9-150100.3.22.1
- (no CPE)range: < 2.34-150100.10.14.1
- (no CPE)range: < 2.34-150100.10.14.1
- (no CPE)range: < 2.34-150200.4.6.2
- (no CPE)range: < 2.34-150200.4.6.2
- (no CPE)range: < 2.34-7.35.2
- (no CPE)range: < 2.34-150300.35.2
- (no CPE)range: < 2.34-150300.35.2
- (no CPE)range: < 2.34-7.35.3
- (no CPE)range: < 2.34-150100.10.14.1
- (no CPE)range: < 2.34-150100.10.14.1
- (no CPE)range: < 2.34-7.35.3
- (no CPE)range: < 2.34-7.35.3
- (no CPE)range: < 2.34-150100.10.14.1
- (no CPE)range: < 2.34-150100.10.14.1
- (no CPE)range: < 2.34-150200.4.6.2
- (no CPE)range: < 2.34-150200.4.6.2
- (no CPE)range: < 2.34-7.35.5
- (no CPE)range: < 2.34-150300.35.2
- (no CPE)range: < 2.34-150300.35.2
- (no CPE)range: < 18.08.9-150000.1.17.1
- (no CPE)range: < 18.08.9-150000.1.17.1
- (no CPE)range: < 18.08.9-3.17.1
- (no CPE)range: < 20.02.7-150100.3.24.1
- (no CPE)range: < 20.02.7-150100.3.24.1
- (no CPE)range: < 20.02.7-3.14.1
- (no CPE)range: < 22.05.5-150100.3.3.1
- (no CPE)range: < 22.05.5-150100.3.3.1
- (no CPE)range: < 22.05.5-150200.5.3.2
- (no CPE)range: < 22.05.5-150200.5.3.2
- (no CPE)range: < 22.05.5-3.3.5
- (no CPE)range: < 22.05.5-150300.7.3.2
- (no CPE)range: < 22.05.5-150300.7.3.2
- (no CPE)range: < 18.08.9-150100.3.22.1
- (no CPE)range: < 18.08.9-150100.3.22.1
- (no CPE)range: < 20.02.7-150200.3.14.2
- (no CPE)range: < 20.02.7-150200.3.14.2
- (no CPE)range: < 17.11.13-150000.6.40.1
- (no CPE)range: < 17.11.13-150000.6.40.1
- (no CPE)range: < 17.02.11-6.53.1
SUSE S.A./openSUSE Factory sendmailcpe-rescue
Range: slurm

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

bugzilla.suse.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000