UTHPC incident

HPC cluster Rocket is temporarily unavailable due to ongoing security fixes (CVE-2026-46242 and CVE-2026-43499)

Major Resolved

UTHPC experienced a major incident on July 9, 2026 affecting rocket.hpc.ut.ee and Services (Galaxy) and 1 more component, lasting 18h 24m. The incident has been resolved; the full update timeline is below.

Started
Jul 09, 2026, 06:37 PM UTC
Resolved
Jul 10, 2026, 01:02 PM UTC
Duration
18h 24m
Detected by Pingoru
Jul 09, 2026, 06:37 PM UTC

Affected components

rocket.hpc.ut.eeServices (Galaxy)Services (RStudio)Services (Open OnDemand)

Update timeline

  1. investigating Jul 09, 2026, 06:37 PM UTC

    **Due to recently identified Linux kernel vulnerabilities (**[**CVE-2026-46242**](https://access.redhat.com/security/cve/cve-2026-46242) **and** [**CVE-2026-43499**](https://access.redhat.com/security/cve/cve-2026-43499)**), we have temporarily disabled access to the UT HPC Rocket cluster as a precautionary measure to mitigate potential security risks.** Currently, access to login nodes is unavailable. Also, new job submissions are temporarily disabled. Jobs that were already running before the access restrictions were applied continue to run and are not affected. Our system administrators are working to restore full service as quickly as possible. Thank you for your patience!

  2. monitoring Jul 10, 2026, 06:14 AM UTC

    We have applied the security patches to mitigate the vulnerability. The login nodes are now accessible; however, job submission remains disabled while we complete additional validation and testing. We require more time to ensure the cluster is fully stable before restoring normal operation. We appreciate your patience.

  3. identified Jul 10, 2026, 07:04 AM UTC

    Due to the same security vulnerability, all SAPU machines are currently unavailable while security patches are being applied. We expect service to be restored later tonight. Thank you for your patience.

  4. identified Jul 10, 2026, 08:42 AM UTC

    We are closing login nodes access again. The Rocket cluster is continuously not available. We expect the cluster to remain unavailable for most of the day. We apologize for the inconvenience and will provide updates as they become available.

  5. resolved Jul 10, 2026, 01:02 PM UTC

    **HPC services are restored.** Access to the UT Rocket cluster and Galaxy, Open OnDemand, and their services RStudio and Jupyter have been fully restored. The previously identified Linux kernel vulnerabilities have been addressed, and users can once again access the Rocket login nodes as usual and submit new jobs to the compute nodes.