On 29th April 2026 an advisory for CVE-2026-31431 was released alongside working proof of concept code. This is a privilege escalation vulnerability which is trivially exploitable and which affects all versions of Linux released since 2017. Shortly after this was…
Ransomware and HPC: HPCsec looks at some key considerations for protecting your HPC environment and supercomputers from ransomware
Guidance on securing a BeeGFS installation.
We take a look at the HPE Cray EX supercomputer platform from a security perspective.
CVE: CVE-2020-4983
Severity: CVSS 9.6 (Critical)
This advisory details two closely related vulnerabilities affecting versions of Spectrum LSF which can allow an adversary to gain root access to a cluster.
Exploit code enabling a user to gain root access to a system running vulnerable versions of Spectrum Scale (GPFS) surfaced online. We've undertaken an analysis of this exploit code and written a safe script that you can use to check if your Spectrum Scale installation is vulnerable as well as some best practice advice for securing your installation.
HPCsec took a look at whether the recent critical vulnerabilities in IBM Websphere (CVE-2020-4448 + CVE-2020-4450) affect Spectrum Scale GUI users
What security questions should you be asking during your next HPC/Supercomputer procurement?
A vulnerability exists in a default
installation of BeeGFS which allows users to perform operations which allow them to elevate their privileges and become root. This is due to a failure to properly authenticate a user when performing filesystem operations.
CVE-2019-14287 is a vulnerability affecting versions of sudo < 1.8.28 which can allow users with sudo privileges to circumvent restrictions and become root. This post is a worked example of exploiting this vulnerability.