It was discovered that the Linux kernel algif_aead module contained a
logic flaw allowing a local attacker to escalate privileges to root. All
Qlustar 14 Ubuntu releases are vulnerable to this bug. Qlustar 13 Ubuntu
releases are not vulnerable, and Qlustar 13/14 AlmaLinux releases are
vulnerable, but the public exploit does not work there. To mitigate the
issue until kernel updates are made available, please proceed as follows:
On all running Qlustar 14 Ubuntu nodes, including the head-node, execute:
$ rmmod algif_aead
$ rm -f /usr/lib/modules/*/kernel/crypto/algif_aead.ko
Then, for each Qlustar 14 image, do:
$ qlustar-image-edit -s <img-name>
$ rm -f usr/lib/modules/*/kernel/crypto/algif_aead.ko
$ exit
Please note the missing / at the beginning of the path here. These
changes will prevent loading the faulty algif_aead kernel module, which
is not needed on any standard Qlustar HPC/AI cluster setup.
To check whether a node was already exploited, execute:
$ diff /union/image/usr/bin/su /usr/bin/su
If they differ, someone has definitely exploited the bug and become
root. In that case, reboot the node immediately after you have changed
the image as explained above.
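
The checks above can be combined into one per-node audit. The following is an added example, not part of the original advisory or of Qlustar's tooling. The function name check_node and its ROOT argument are hypothetical, and matching compressed module files (algif_aead.ko*) is an assumption beyond the path given above.

```shell
#!/bin/sh
# check_node [ROOT]: audit one node for the algif_aead mitigation.
# ROOT (hypothetical, default /) lets the check run against a test tree.
# Prints one finding per line and returns:
#   0  module not loaded, module file absent, su matches the image
#   1  mitigation incomplete (module loaded or module file still present)
#   2  /usr/bin/su differs from the image copy (node was exploited)
check_node() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", so the paths below stay absolute
    rc=0

    # 1. The module must not be loaded. The first field of each line in
    #    /proc/modules is the module name.
    if [ -r "$root/proc/modules" ] &&
       grep -q '^algif_aead ' "$root/proc/modules"; then
        echo "LOADED: algif_aead is loaded, run: rmmod algif_aead"
        rc=1
    fi

    # 2. The module file must be gone for every installed kernel.
    #    Assumption: the trailing * also catches compressed variants.
    for f in "$root"/usr/lib/modules/*/kernel/crypto/algif_aead.ko*; do
        [ -e "$f" ] || continue    # an unmatched glob stays literal
        echo "PRESENT: $f"
        rc=1
    done

    # 3. The su binary on the node must be identical to the image copy.
    img="$root/union/image/usr/bin/su"
    if [ -f "$img" ] && [ -f "$root/usr/bin/su" ]; then
        if ! cmp -s "$img" "$root/usr/bin/su"; then
            echo "MODIFIED: /usr/bin/su differs from image, fix image and reboot"
            rc=2
        fi
    fi
    return "$rc"
}

# Usage on a node (as root): check_node /
```

The function only reports; it does not unload or delete anything, so it is safe to run repeatedly on every node after the steps above.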