Alma Linux 8.10 HPC image seems to be running an insecure kernel from Aug 2024

[garymansellricardo]

Hi,

I have just noticed that the latest available Alma Linux 8.10 HPC image (released May 2025) seems to be running Alma Linux Kernel 0:4.18.0-553.16.1.el8_10 from Aug 2024.

There are 53 security vulnerabilities rated Critical or High in packages in this release even when fully updated (as the maintainers hold back various kernel and other device driver related packages).

Why is this image still running such an out of date kernel and other packages - surely they should have all be updated to latest available in May 2025, or am I mistaken/missing something here?

My understanding from a previous convo about Azure HPC image security policy - was that you release updated HPC images quarterly with updated packages and would issue out-of-band ones if there was a critical security issue. But, this does not seem to have occurred.

In this day and age, we can't be running un-patched systems - even in HPC environments (surely)?

Please can you let me know what the plans to release an updated Alma Linux 8.10 HPC image are and when (I believe it is already overdue, if quarterly)? Also, what your "official" security/updating policy, as this is likely to have a big effect on using Azure CycleCloud and HPC images in the corporate environment.

Thanks and Regards

Gary

[darkwhite29]

Hi @garymansellricardo,

Thanks for raising the security concern. Please consider using our latest AlmaLinux 9.6 image with the 5.14 kernel with the vulnerabilities addressed:

almalinux:almalinux-hpc:9-hpc-gen2:9.6.2025100101

[garymansellricardo]

Ah, I see - have you moved on from Alma 8.x, to Alma 9.x (I had not noticed that)? I saw that 8.10 was updated in May 25 and presumed that the packages in it had been updated to current around that time (my bad, assuming).

I will look into that to make sure my CAE/CFD codes (hopefully) support Alma 9 and build a new custom image based on that.

FYI - the latest CycleCloud version's Slurm template still defaults to the Alma 8.10 image, maybe they will update to the new Alma 9 image, soon, do you think?

Once again, thanks for the speedy response, all the best and feel free to close the issue.

[darkwhite29]

I will talk to CycleCloud team to support Alma 9 from their end. Thanks!

[garymansellricardo]

I have built the images from Alma 9 hpc - but latest cyclecloud does not work with them, so I think we definitely need their team to update their side before I can start using the new images.

I presume there is no chance that you will update the Alma 8.10 hpc images to give us cover until cyclecloud team support alma 9 (if it might be a while until they do)?

[darkwhite29]

They will have the Alma 9 supported in about 1 month.