It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. All Qlustar 14 Ubuntu releases are vulnerable to this bug. Qlustar 13 Ubuntu releases are not vulnerable. Qlustar 13/14 AlmaLinux releases are vulnerable, but the public exploit does not work there. To mitigate the issue until kernel updates are made available, please proceed as follows:
On all running Qlustar 14 Ubuntu nodes, including the head-node, execute
$ rmmod algif_aead
$ rm -f /usr/lib/modules/*/kernel/crypto/algif_aead.ko
Then for each Qlustar 14 image do
$ qlustar-image-edit -s <img-name>
$ rm -f usr/lib/modules/*/kernel/crypto/algif_aead.ko
$ exit
Please note the missing / at the beginning of the path here. These changes will prevent loading the faulty algif_aead kernel module, which is not needed on any standard Qlustar HPC/AI cluster setup.
To check whether a node was already exploited, execute
$ diff /union/image/usr/bin/su /usr/bin/su
If they differ, someone has definitely exploited the bug and become root. In that case, reboot the node immediately after you have changed the image as explained above.
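The checks above can be combined into one verification script. This is an added example, not part of the original advisory or of Qlustar's tooling. The function names and parameters are hypothetical, and the glob also matches compressed module files (e.g. .ko.zst), which is an assumption beyond the exact path given above.

```shell
#!/bin/sh
# Added example: verify the algif_aead mitigation on a node or an image tree.
# All function names and parameters are hypothetical, not Qlustar tooling.
# Usage on a running node:            check_node
# Usage against an unpacked image:    check_node /path/to/image/root ...

# Print every algif_aead module file still present under the given root.
# "algif_aead.ko*" also catches compressed variants (assumption, see lead-in).
remaining_modules() {
    img_root=${1%/}
    for f in "$img_root"/usr/lib/modules/*/kernel/crypto/algif_aead.ko*; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
    return 0
}

# Return 0 if algif_aead is listed in a /proc/modules-format file.
module_loaded() {
    grep -q '^algif_aead ' "${1:-/proc/modules}" 2>/dev/null
}

# Return 0 if the two su binaries differ (the advisory's compromise check).
# A missing or unreadable file also counts as differing.
su_differs() {
    ! cmp -s "$1" "$2"
}

# Run all three checks; return 0 only if nothing was found.
check_node() {
    node_root=${1:-/}; modules_file=${2:-/proc/modules}
    ref_su=${3:-/union/image/usr/bin/su}; live_su=${4:-/usr/bin/su}
    status=0
    if module_loaded "$modules_file"; then
        echo "FAIL: algif_aead is still loaded (run rmmod algif_aead)"; status=1
    fi
    left=$(remaining_modules "$node_root")
    if [ -n "$left" ]; then
        echo "FAIL: module file(s) still present:"; echo "$left"; status=1
    fi
    if su_differs "$ref_su" "$live_su"; then
        echo "ALERT: $live_su differs from $ref_su"; status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK: module removed, su matches image"; fi
    return "$status"
}
```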