[Completed] ASPIRE 2A Scheduled System Maintenance From 3 Jun 2026, 9am to 8 Jun 2026, 4pm​

/in , /by

Dear ASPIRE 2A users,

 

We are pleased to announce that the scheduled system maintenance for ASPIRE 2A has been completed. You may proceed to use the systems as per usual.

ACTION REQUIRED

A. Reset Password and SSH Keys

Following our recent system recovery, all users are required to update their login credentials and reset their SSH keys to ensure environment security.
Please follow the instructions below based on your organization’s enrollment:
1. Singapore Access Federation (SGAF) Users:
  • Log in to the web portal at user.nscc.sg to update your account password and upload your new SSH public key.
2. All Other Users:
  • Log in directly to your designated login node via your terminal or SSH client to perform your password change and update your SSH key.
Security Note:
Once your new SSH public key is successfully uploaded and verified, please ensure you delete your old SSH key from the system.

 

B. VPN Certificate Verification

For VPN users, please be informed that the VPN security certificate for vpn1.nscc.sg has been renewed.
As a result, some users may see a Check Point Endpoint Security warning indicating that the site certificate fingerprint has changed. This is expected due to the certificate renewal.
Please verify that the VPN site is shown as vpn1.nscc.sg. If the site name is correct, click “Trust and Continue” to proceed with the VPN connection.
Do not proceed if the VPN site name appears unfamiliar or different.

Please contact our Helpdesk via the Service Desk Portal or email us at [email protected] if you have any questions.

 

Thank you.

Warm regards,
The NSCC Team

[Extension] ASPIRE 2A Scheduled System Maintenance From 3 Jun 2026, 9am to 8 Jun 2026, 4pm

/in , /by

Dear ASPIRE 2A users,

Please be advised that the release of the ASPIRE 2A system following its scheduled maintenance is being extended.

During our final checks, a Slingshot fabric issue was identified that impacts storage stability. Because system stability is critical to ensuring a safe and secure service restoration, the ASPIRE 2A release is being held until this matter is fully resolved and validated.

Our team is actively working on the resolution, and we will provide a further update as soon as a new release time is confirmed.

Thank you for your patience as we ensure the system meets all operational standards.
Please contact our Helpdesk via the Service Desk Portal or email us at [email protected] if you have any questions.

Thank you.

Warm regards,
The NSCC Team

[Status Update 5] System Security Review for ASPIRE 2A

/in , /by

Dear ASPIRE 2A users,

 

This is to provide a further update on the ongoing system-wide security review and recovery activities for ASPIRE 2A.

 

Current Status:

  1. User home directory scanning is currently underway, and the team is taking steps to expedite the process.
  2. The system release criteria have been established, and remediation actions are now underway to meet these requirements and secure ASPIRE 2A prior to service restoration.
  3. Our cybersecurity partners are still continuing their intensive reviews and checks across the systems, including review of the system scan results.
  4. ASPIRE 2A will remain unavailable until 8 June to allow the completion of recovery validation, planned upgrades, security updates, and required system changes.

 

The next update will be provided on 8 June at 5:00pm.

 

We appreciate your patience and cooperation during this period.

Should you have any questions or require assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected]. This will ensure that your request is properly recorded, tracked, and responded to. Queries sent through other channels may not be captured or addressed.

 

Thank you.

Warm regards,
The NSCC Team

[Status Update 4] System Security Review for ASPIRE 2A

/in , /by

Dear ASPIRE 2A users,

 

This is to provide a further update on the ongoing system-wide security review and recovery activities for ASPIRE 2A.

 

Current Status:

  1. System recovery operations are being executed concurrently with the scheduled June 2026 MOS maintenance, by integrating software updates and vulnerability patching.
  2. Ongoing scanning of user home directories for potential malware remnants or anomalous artifacts.
  3. Our cybersecurity partners are still continuing their intensive reviews and checks across the systems, including review of the system scan results.
  4. ASPIRE 2A will remain unavailable until 8 June to allow the completion of recovery validation, planned upgrades, security updates, and required system changes.

 

The next update will be provided on 5 June at 5:00pm.

 

We appreciate your patience and cooperation during this period.

Should you have any questions or require assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected]. This will ensure that your request is properly recorded, tracked, and responded to. Queries sent through other channels may not be captured or addressed.

 

Thank you.

Warm regards,
The NSCC Team

[Status Update 3] System Security Review for ASPIRE 2

/in , /by

Dear ASPIRE 2A users,

 

This is to provide a further update on the ongoing system-wide security review and recovery activities for ASPIRE 2A.

 

Current Status:

  1. System scanning is in progress as part of ensuring our systems are clean and secure.
  2. Our cybersecurity partners are continuing their intensive reviews and checks across the systems, including review of the system scan results.
  3. Planned upgrades and security updates are also being implemented as part of the overall recovery and assurance activities.
  4. ASPIRE 2A will remain unavailable until 8 June to allow the completion of recovery validation, planned upgrades, security updates, and required system changes.

 

The next update will be provided on 4 June at 5:00pm.

 

We appreciate your patience and cooperation during this period.

Should you have any questions or require assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected]. This will ensure that your request is properly recorded, tracked, and responded to. Queries sent through other channels may not be captured or addressed.

 

Thank you.

Warm regards,
The NSCC Team

[Status Update 2] System Security Review for ASPIRE 2A

/in , /by

Dear ASPIRE 2A users,

 

This is to provide a further update on the ongoing system-wide security review and recovery activities for ASPIRE 2A.

Our teams have been working diligently over the past days to ensure the safety, stability, and integrity of our system.

 

Current Status:

  1. Security hardening measures have been implemented.
  2. System recovery and validation activities are still in progress to ensure that the environment is safe and stable before service is restored. This includes ongoing system scanning, which forms part of the recovery validation process.
  3. Our cybersecurity partners are also conducting intensive reviews and checks across the systems as part of the overall recovery and assurance activities.
  4. ASPIRE 2A will remain unavailable until 8 June to allow the completion of recovery validation, planned upgrades, and required system changes.

 

The next update will be provided on 3 June at 5:00pm.

 

We appreciate your patience and cooperation during this period.

Should you have any questions or require assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected]. This will ensure that your request is properly recorded, tracked, and responded to. Queries sent through other channels may not be captured or addressed.

 

Thank you.

Warm regards,
The NSCC Team

[Status Update] Ongoing System Security Review for ASPIRE 2A

/in , /by

Dear ASPIRE 2A users,

 

This is to provide a progressive update on the ongoing on the system-wide verification and investigation regarding the cybersecurity incident affecting ASPIRE 2A.

 

Our teams have been working diligently over the past days to ensure the safety, stability, and integrity of our system.

 

Current Status:

  • We have completed the investigation and analysis of the incident.
  • We are now proceeding with system recovery, validation, and security hardening activities.
  • Login access to ASPIRE 2A will remain unavailable while these activities are ongoing.

Next Steps:

  • We are targeting the release of ASPIRE 2A on 8 June 2026, Monday, subject to completion of the required recovery and validation checks.

 

We appreciate your patience and cooperation during this period.

 

Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

 

Thank you.

Warm regards,
The NSCC Team

Cybersecurity Incident Investigation for ASPIRE 2A

/in , /by

Dear ASPIRE 2A users,

 

Please be informed that we are conducting an investigation on a cybersecurity incident for ASPIRE 2A. Our team is working to ensure the integrity and safety of our system.

 

Because this requires a methodical, system-wide verification process, we are currently unable to provide an exact restoration time.

 

Impact During this Period:
Users will not be able to access the system during this period.

 

We are working diligently to complete this verification and resolve the matter as quickly as possible.

 

Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

 

Thank you.

Warm regards,
The NSCC Team

[Advisory] MPI, Debugger and Profiler Behavior After CVE-2026-46333 Mitigation​

/in , , , /by

Dear NSCC Users,

Red Hat published a security advisory (CVE-2026-46333, Red Hat Security Bulletin RHSB-2026-004) describing a local privilege-escalation vulnerability in the Linux kernel. NSCC has applied Red Hat’s recommended mitigation on ASPIRE 2A on 17 May 2026.

The same mitigation has also been applied to ASPIRE 2A+ as a precautionary measure, while we await a response and further guidance from NVIDIA.

This is a defense-in-depth measure intended to ensure continued protection through the planned June kernel upgrade, where the underlying conditions may change. Please be assured that no NSCC user data, jobs, or accounts are known to have been affected by this vulnerability.

However, because this mitigation restricts certain kernel-level process tracking and memory access, it will temporarily alter the behavior of development tools and MPI frameworks as detailed below.

 

Debuggers and Profilers
Debuggers, profilers, and tracing tools that rely on ptrace may not be functional as expected under this mitigation. The most common symptom is “Operation not permitted” when a tool attempts to inspect or attach to a process.

General Guideline: Workflows where a tool starts your program from the beginning are more likely to continue working. Workflows where a tool reaches into or attaches to a process that is already running will likely fail.

If your usual workflow involves attaching to an existing PID (e.g., gdb -p, strace -p, perf -p, nsys attach, ncu –pid, py-spy –pid, gcore), expect it to fail or behave incorrectly.

Tools that may not be functional as expected include, but are not limited to:

  • gdb, cuda-gdb
  • strace, ltrace
  • perf (record, stat, top)
  • nsight-systems (nsys), nsight-compute (ncu)
  • VTune
  • CrayPat (pat_run), perftools-lite
  • valdrind4hpc, heaptrack (in some modes)
  • gcore, py-spy, rr, and other tools that read /proc/<pid>/mem

 

Important Note: Arm Forge (DDT, MAP, PR) is known not to work under this mitigation and should not be used until further notice.

This list is not exhaustive. If you use a tool not mentioned here and observe unexpected behavior, assume it may be related to this change.

MPI and Intra-node Communication
Cray MPICH’s shared-memory single-copy optimizations (XPMEM, cross-memory-attach) rely on kernel mechanisms that this mitigation also gates. Without action, Cray MPICH jobs would be expected to fail or hang on intra-node communication.

We have applied site-wide environment defaults to disable the affected single-copy paths:
export MPICH_CH4_XPMEM_LMT_MSG_SIZE=NONE
export MPICH_SMP_SINGLE_COPY_MODE=NONE

With these in place, Cray MPICH is expected to function normally. The exports are applied in the default module environment, so you do not need to add them to your job scripts unless you have explicitly overridden them. There may be a small performance impact on large intra-node messages, but correctness is preserved.

OpenMPI and NCCL are not affected and require no changes.

If you build your own MPI from source, or use a non-default MPI distribution, please apply equivalent flags to disable single-copy / cross-memory-attach mechanisms in your implementation.

Next Steps
We will revisit and roll back this mitigation once patched kernels are available, validated, and deployed in June. Until then, thank you for your patience and cooperation as you adapt your workflows.

If a particular task or business-critical workflow is materially impacted, please reach out to us so we can assist.

Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

Thank you.

Warm regards,
The NSCC Team

[Completed] NUS Fire Certification Inspection and Electrical Shutdown Affecting ASPIRE 2A & 2A+ from 15 May 2026, 3PM to 18 May 2026, 10AM

/in , , , /by

Dear NSCC users,

We are pleased to announce that the activities has been completed. You may proceed to login to the ASPIRE 2A and 2A+ systems as per normal.

Important Note for ASPIRE 2A Users:

  • There will be temporary limitations to the MPI, debugger and profiler behavior after the CVE-2026-46333 mitigation. Please refer to our subsequent follow-up email for specific details.

Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

Thank you.

Warm regards,
The NSCC Team