CVE-2023-49936
Description
A NULL pointer dereference in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x allows remote attackers to cause a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A NULL pointer dereference vulnerability exists in SchedMD Slurm versions 22.05.x, 23.02.x, and 23.11.x. The exact code path and conditions required to trigger the dereference have not been publicly disclosed, but the issue leads to a denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1 [1].
Exploitation
No detailed exploitation steps have been published. Based on the advisory, an attacker likely needs network access to a vulnerable Slurm daemon (e.g., slurmd or slurmctld) to send a crafted request that triggers the NULL pointer dereference. No authentication or user interaction is explicitly required, but the specific preconditions are not documented [1].
Impact
Successful exploitation results in a denial of service (DoS) condition, causing the affected Slurm daemon to crash. This disrupts job scheduling, resource management, and overall cluster operations. No data confidentiality or integrity impact has been reported [1].
Mitigation
Upgrade to Slurm 22.05.11, 23.02.7, or 23.11.1 as appropriate. No workarounds are available; the only option is to patch and restart the affected daemons. SchedMD only provides security fixes for supported releases (currently 23.11, 23.02, and 22.05) [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
27 in total. osv-coords, 25 versions:
- pkg:rpm/opensuse/slurm_20_02&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 20.02.7-150100.3.30.1
- pkg:rpm/opensuse/slurm_20_11&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 20.11.9-150200.6.16.1
- pkg:rpm/opensuse/slurm_22_05&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 22.05.11-150300.7.9.1
- pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 23.02.7-150500.5.15.1
- pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 18.08.9-3.23.1
- pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 20.02.7-3.20.1
- pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 20.11.9-150200.6.16.1
- pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 20.11.9-3.19.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 22.05.11-150200.5.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 22.05.11-3.9.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 23.02.7-150200.5.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 23.02.7-3.16.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 20.02.7-150200.3.20.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 20.11.9-150300.4.12.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 20.11.9-150400.3.3.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 20.11.9-150400.3.3.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 (no CPE), range: < 17.02.11-6.59.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP5 (no CPE), range: < 23.02.7-150500.5.15.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 (no CPE), range: < 23.02.7-150500.5.15.1
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/ (mitre, vendor-advisory)
- lists.schedmd.com/pipermail/slurm-announce/2023/000103.html (mitre)
- www.schedmd.com/security-archive.php (mitre)