It has been reported that there is a vulnerability in the Slurm interconnect plugin switch/hpe_slingshot, which leverages the capabilities of Slingshot interconnect. There is a problem with isolating the communication from other channels.
Same issue with switch/nvidia_imex, this is the NVIDIA interconnect used on DGX machines for example.
A user could override the isolation between Slingshot VNIs or IMEX channels.
If these plugins are configured, then the vulnerability cannot be exploited. If you have this switch plugin configured, then you should upgrade Slurm to 24.05.2, 23.11.9, or 23.02.8 versions which contain a patch for this issue
Recent Comments