[QSA-0515253]
Slurm vulnerabilities

Qlustar Security Advisory 0515253

May 15th, 2025

Summary:

Slurm vulnerabilities

Package(s)       : slurm-wlm-basic-plugins
Qlustar releases : 13, 14
Affected versions: All versions prior to this update
Vulnerability    : Privilege escalation
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2025-43904

Relevant to Qlustar 13 and 14

A mistake with permission handling for Coordinators within Slurm’s accounting system can allow a Coordinator to promote a user to Administrator.

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions:

For Qlustar 14

slurm-wlm-basic-plugins                     24.11.5+ds.1-ql.1+14-noble

For Qlustar 13

slurm-wlm-basic-plugins                     24.11.5+ds.1-ql.1+13-jammy