Qlustar

Contact Info

Legal Information

Qlustar

Contact Info

Legal Information

[QSA-0408261]
Linux kernel vulnerabilities

Qlustar Security Advisory 0408261

April 8th, 2026

Summary:

The system could crash or be made to run programs as an administrator.

Package(s)       : linux-image-ql-generic,
                   qlustar-module-core-jammy-amd64-13.4,
                   qlustar-module-core-noble-amd64-14.1
Qlustar releases : 13, 14
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : Not documented

A number of vulnerabilities and bugs have been discovered in the 6.12.x Linux kernel series since the last Qlustar 14 release based on 6.12.73. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 6.12.73 up to the current Qlustar kernel 6.12.80:

Linux kernel 6.12.80
Linux kernel 6.12.79
Linux kernel 6.12.78
Linux kernel 6.12.77
Linux kernel 6.12.76
Linux kernel 6.12.75
Linux kernel 6.12.74

A number of vulnerabilities and bugs have been discovered in the 5.15.x Linux kernel series since the last Qlustar 13.0 release based on 5.15.200. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 5.15.200 up to the current Qlustar kernel 5.15.202:

Linux kernel 5.15.202
Linux kernel 5.15.201

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions:

For Qlustar 14

linux-image-ql-generic                     6.12.80-ql-generic-14-8
qlustar-module-core-noble-amd64-14.1       14.1.1-b589f1620

For Qlustar 13

linux-image-ql-generic                     5.15.202-ql-generic-13.0-26
qlustar-module-core-jammy-amd64-13.4       13.4.1-b588f1619

Special Update instructions:

In addition to the steps described in the general Qlustar Update Instructions these updates require the following:

  • Spack migration With the release of the HPC Core Stack 02/26, spack was also updated to version 1.1.1. This update requires a migration of the Spack database to version 8. To migrate, after the update is done, login on a cluster node as a user with Spack admin rights (usually user softadm or anybody in the group softadm) and execute 
    # spack reindex

    Note that after this, older Spack versions will no longer be able to read the database. However, a backup is created in case a revert is needed.