CVE-2023-49933
Description
SchedMD Slurm versions 22.05.x, 23.02.x, and 23.11.x permit malicious modification of RPC traffic due to improper message integrity enforcement.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
SchedMD Slurm versions 22.05.x, 23.02.x, and 23.11.x contain an improper enforcement of message integrity during transmission. This flaw, designated as a protocol message extension vulnerability (CVE-2023-49933), allows an attacker to modify RPC traffic in a way that bypasses the message hash checks intended to detect tampering. The affected versions are all releases in the 22.05, 23.02, and 23.11 series prior to the fixes [1].
Exploitation
An attacker who can intercept or inject network traffic between Slurm daemons can craft malicious RPC messages that bypass the hash verification mechanism. No authentication or user interaction is required beyond network access to the Slurm communication channel [1]. The attack exploits the lack of proper integrity checks, enabling the attacker to replay or alter legitimate RPC requests without detection.
Impact
Successful exploitation allows an attacker to modify RPC traffic, potentially leading to unauthorized actions such as privilege escalation, job manipulation, or denial of service. The detailed impact depends on the specific RPC messages altered, but the core consequence is the compromise of message integrity, which undermines the trust in Slurm's internal communication [1].
Mitigation
SchedMD has released fixed versions 22.05.11, 23.02.7, and 23.11.1 to address this vulnerability. There are no known workarounds; the only mitigation is to upgrade the affected daemons to the patched versions and restart them. This issue was reported by Ryan Hall from Meta Red Team X [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- pkg:rpm/opensuse/slurm_20_02&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 20.02.7-150100.3.30.1
- pkg:rpm/opensuse/slurm_20_11&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 20.11.9-150200.6.16.1
- pkg:rpm/opensuse/slurm_22_05&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 22.05.11-150300.7.9.1
- pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 23.02.7-150500.5.15.1
- pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 18.08.9-3.23.1
- pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 20.02.7-3.20.1
- pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 20.11.9-150200.6.16.1
- pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 20.11.9-3.19.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 22.05.11-150200.5.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 22.05.11-3.9.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 23.02.7-150200.5.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 23.02.7-3.16.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 20.02.7-150200.3.20.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 20.11.9-150300.4.12.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 20.11.9-150400.3.3.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 20.11.9-150400.3.3.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 17.02.11-6.59.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP5 (no CPE), range: < 23.02.7-150500.5.15.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 (no CPE), range: < 23.02.7-150500.5.15.1
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/ (mitre, vendor-advisory)
- lists.schedmd.com/pipermail/slurm-announce/2023/000103.html (mitre)
- www.schedmd.com/security-archive.php (mitre)