Bug#1104929: slurm-wlm: CVE-2025-4390

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1104929: slurm-wlm: CVE-2025-4390
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 08 May 2025 21:26:57 +0200
Message-id: <[🔎] 174673241774.1482115.18114041420112258454.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1104929@bugs.debian.org

Source: slurm-wlm
Version: 24.11.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for slurm-wlm.

CVE-2025-4390[0]:
| A mistake with permission handling for Coordinators within Slurm's 
| accounting system can allow a Coordinator to promote a user to 
| Administrator.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-4390
    https://www.cve.org/CVERecord?id=CVE-2025-4390
[1] https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce@lists.schedmd.com/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#1104929: marked as done (slurm-wlm: CVE-2025-4390)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#716311: Question
Next by Date: Bug#1102068: libfabric: FTBFS on 32-bit arches: ofi_cma.h: error: passing argument 2 of 'ofi_consume_iov' from incompatible pointer type
Previous by thread: Bug#716311: Question
Next by thread: Bug#1104929: marked as done (slurm-wlm: CVE-2025-4390)
Index(es):
- Date
- Thread