CVE-2023-49937
Description
A double-free vulnerability in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x allows denial of service or potential arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A double-free vulnerability exists in the Slurm protocol handling, affecting versions 22.05.x, 23.02.x, and 23.11.x. The issue is triggered during RPC message processing, leading to a double free of memory. The fixed versions are 22.05.11, 23.02.7, and 23.11.1 [1].
Exploitation
An attacker with network access to the Slurm control daemon (slurmctld) or slurmd can send crafted RPC messages to trigger the double free. No authentication is required if the attacker can reach the daemon ports. The advisory notes that this is a protocol-level issue [1].
Impact
Successful exploitation results in a denial of service (daemon crash) and potentially arbitrary code execution due to memory corruption. The attacker could gain the privileges of the affected daemon, typically root [1].
Mitigation
Upgrade to Slurm 22.05.11, 23.02.7, or 23.11.1. No workarounds are available; the only option is to patch and restart the affected daemons [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (27)
osv-coords, 25 versions (no CPE):
- pkg:rpm/opensuse/slurm_20_02&distro=openSUSE%20Leap%2015.5, range: < 20.02.7-150100.3.30.1
- pkg:rpm/opensuse/slurm_20_11&distro=openSUSE%20Leap%2015.5, range: < 20.11.9-150200.6.16.1
- pkg:rpm/opensuse/slurm_22_05&distro=openSUSE%20Leap%2015.5, range: < 22.05.11-150300.7.9.1
- pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.5, range: < 23.02.7-150500.5.15.1
- pkg:rpm/suse/slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012, range: < 18.08.9-3.23.1
- pkg:rpm/suse/slurm_20_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012, range: < 20.02.7-3.20.1
- pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 20.11.9-150200.6.16.1
- pkg:rpm/suse/slurm_20_11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012, range: < 20.11.9-3.19.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 22.05.11-150200.5.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS, range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS, range: < 22.05.11-150300.7.9.1
- pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012, range: < 22.05.11-3.9.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 23.02.7-150200.5.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS, range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS, range: < 23.02.7-150300.7.17.1
- pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012, range: < 23.02.7-3.16.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 20.02.7-150200.3.20.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 20.11.9-150300.4.12.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS, range: < 20.11.9-150400.3.3.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS, range: < 20.11.9-150400.3.3.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012, range: < 17.02.11-6.59.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP5, range: < 23.02.7-150500.5.15.1
- pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5, range: < 23.02.7-150500.5.15.1
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/ [mitre, vendor-advisory]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/ [mitre, vendor-advisory]
- lists.schedmd.com/pipermail/slurm-announce/2023/000103.html [mitre]
- www.schedmd.com/security-archive.php [mitre]