Slurm versions 24.05.2, 23.11.9, and 23.02.8 are now available (security fix for switch plugins)

Slurm versions 24.05.2, 23.11.9, and 23.02.8 are now available and include a fix for a recently discovered security issue with the switch plugins.

SchedMD customers were informed on July 17th and provided a patch on request; this process is documented in our security policy.

For the switch/hpe_slingshot and switch/nvidia_imex plugins, a user could override the isolation between Slingshot VNIs or IMEX channels.
If you do not have one of these switch plugins configured, then you are not impacted by this issue.
It is unclear what, if any, information could be accessed with access to an unauthorized channel. This disclosure is being made out of an abundance of caution.
If you do have one of these plugins enabled, the slurmctld must be restarted before the slurmd daemons to avoid disruption.