Unrated severityNVD Advisory· Published Jan 31, 2019· Updated Aug 4, 2024

CVE-2019-6438

Description

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 incorrectly handles memory on 32-bit systems, potentially leading to buffer overflows.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 incorrectly handles memory on 32-bit systems, potentially leading to buffer overflows.

Vulnerability

SchedMD Slurm versions before 17.11.13 and 18.x before 18.08.5 mishandle memory operations on 32-bit systems [1][2]. The vulnerability stems from improper handling of 32-bit arithmetic or pointer operations, which can result in memory corruption or buffer overflow. The issue affects only 32-bit builds; the overwhelming majority of installations running on 64-bit systems are not affected [2].

Exploitation

An attacker would need to interact with a 32-bit Slurm installation. The exact exploitation prerequisites are not fully detailed in the available references, but the vulnerability allows for memory mishandling that could be triggered remotely or by a local user with access to Slurm commands. The official announcement indicates that the fix addresses a security vulnerability on 32-bit systems [2].

Impact

Successful exploitation could lead to unpredictable behavior, including potential denial of service or arbitrary code execution, depending on the nature of the memory corruption. The vulnerability may allow an attacker to gain elevated privileges or crash the system, but the exact impact is not explicitly described beyond the general mishandling on 32-bit systems [1][2].

Mitigation

SchedMD has released fixed versions 17.11.13 and 18.08.5 [2]. Administrators running Slurm on 32-bit hardware should upgrade to these versions. For 64-bit builds, no action is required as they are not vulnerable. Past unsupported versions also suffer from similar issues, and upgrading to a supported fixed release is the only resolution [2]. No workarounds are documented.

References

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Schedmd/Slurminferred2 versions
<17.11.13 || >=18.0.0,<18.08.5+ 1 more
- (no CPE)range: <17.11.13 || >=18.0.0,<18.08.5
- (no CPE)range: >=17.0.0 <17.11.13 || >=18.0.0 <18.08.5
osv-coords14 versions
pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/slurm&distro=openSUSE%20Tumbleweed pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015 pkg:rpm/suse/pdsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1 pkg:rpm/suse/pdsh_slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/pdsh_slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/pdsh_slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015 pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015
< 17.11.13-lp150.5.20.1+ 13 more
- (no CPE)range: < 17.11.13-lp150.5.20.1
- (no CPE)range: < 21.08.1-1.1
- (no CPE)range: < 2.33-7.18.1
- (no CPE)range: < 2.33-7.6.1
- (no CPE)range: < 2.33-7.6.1
- (no CPE)range: < 2.34-7.26.2
- (no CPE)range: < 2.34-7.26.2
- (no CPE)range: < 2.34-7.32.1
- (no CPE)range: < 18.08.9-3.5.1
- (no CPE)range: < 18.08.9-1.5.2
- (no CPE)range: < 20.02.3-3.5.1
- (no CPE)range: < 20.11.4-3.5.1
- (no CPE)range: < 17.02.11-6.33.1
- (no CPE)range: < 17.11.13-6.15.17

Patches

No patches discovered yet.

Vulnerability mechanics

Root cause

"Slurm mishandles operations on 32-bit systems, but the advisory does not specify the underlying defect."

Attack vector

The advisory describes the vulnerability only as "mishandles 32-bit systems" [ref_id=1]. No attack vector, preconditions, or payload details are provided. The bundle lacks any description of how an attacker would trigger the bug, what network path is required, or what shape a malicious input would take.

Affected code

The advisory does not specify which functions or files are at fault. It only states that Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems [ref_id=1]. No patch or code diff is provided in the bundle.

What the fix does

The advisory states that the fix is to upgrade to Slurm 17.11.13 or 18.08.5 [ref_id=1]. No patch diff is included in the bundle, so the specific code changes that close the vulnerability are not visible. The advisory does not elaborate on what the fix changes internally.

Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00090.htmlmitrevendor-advisoryx_refsource_SUSE
lists.debian.org/debian-lts-announce/2020/03/msg00016.htmlmitremailing-listx_refsource_MLIST
lists.schedmd.com/pipermail/slurm-announce/2019/000018.htmlmitrex_refsource_CONFIRM
www.schedmd.com/news.phpmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000